CVE-2015-5964

Name: CVE-2015-5964
Creator: NVD / NIST
Published: 2015-08-24T14:59:09.837+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.93%

Last modified Jun 17, 2026

CVE-2015-5964 is a vulnerability of currently unknown severity. The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.. EPSS estimates a 4.93% chance of exploitation in the next 30 days.

Description

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Metrics

EPSS Probability

4.93%

91.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions	Update
Djangoproject	Django	1.4	—
Djangoproject	Django	1.4.1	—
Djangoproject	Django	1.4.2	—
Djangoproject	Django	1.4.4	—
Djangoproject	Django	1.4.5	—
Djangoproject	Django	1.4.6	—
Djangoproject	Django	1.4.7	—
Djangoproject	Django	1.4.8	—
Djangoproject	Django	1.4.9	—
Djangoproject	Django	1.4.10	—
Djangoproject	Django	1.4.11	—
Djangoproject	Django	1.4.12	—
Djangoproject	Django	1.4.13	—
Djangoproject	Django	1.4.14	—
Djangoproject	Django	1.4.17	—
Djangoproject	Django	1.4.19	—
Djangoproject	Django	1.4.20	—
Djangoproject	Django	1.4.21	—
Djangoproject	Django	1.7	Beta1
Djangoproject	Django	1.7.1	—
Djangoproject	Django	1.7.2	—
Djangoproject	Django	1.7.3	—
Djangoproject	Django	1.7.4	—
Djangoproject	Django	1.7.5	—
Djangoproject	Django	1.7.6	—
Djangoproject	Django	1.7.7	—
Djangoproject	Django	1.7.8	—
Djangoproject	Django	1.7.9	—
Djangoproject	Django	1.8	Beta1
Djangoproject	Django	1.8.0	—
Djangoproject	Django	1.8.1	—
Djangoproject	Django	1.8.2	—
Djangoproject	Django	1.8.3	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	15.04	—
Oracle	Solaris	11.3	—

References

Timeline

Published: Aug 24, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5964?

How severe is CVE-2015-5964?

Severity scoring for CVE-2015-5964 is pending analysis. The EPSS model estimates a 4.93% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5964?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5964?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST