FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- DoS via malformed XML-RPC / HTTP POST request

Affected packages
python32 <= 3.2.2_2
python31 <= 3.1.4_2
python27 <= 2.7.2_3
python26 <= 2.6.7_2
python25 <= 2.5.6_2
python24 <= 2.4.5_8
pypy <= 1.7

Details

VuXML ID b4f8be9e-56b2-11e1-9fb7-003067b2972c
Discovery 2012-02-13
Entry 2012-02-14
Modified 2012-02-26

Jan Lieskovsky reports,

A denial of service flaw was found in the way the Simple XML-RPC Server module of Python processed client connections that were closed before the complete request body had been received. A remote attacker could use this flaw to cause a Python Simple XML-RPC based server process to consume an excessive amount of CPU.
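
The failure mode described above, as an added example that is not part of the advisory or of Python's own source: a simplified model of a request-body read loop that waits for `Content-Length` bytes, next to the same loop with an end-of-stream check. The function names, the spin guard and the sample body are constructed for illustration.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024
SPIN_LIMIT = 10_000  # demo guard only: lets the unchecked loop terminate here


def read_body_unchecked(rfile, content_length, spin_limit=SPIN_LIMIT):
    """Loop until Content-Length bytes arrive, never checking for EOF.

    Returns (body, reads, spun). 'spun' is True when the demo guard fired,
    meaning a real server thread would still be looping at full CPU.
    """
    remaining, parts, reads = content_length, [], 0
    while remaining:
        if reads >= spin_limit:
            return b"".join(parts), reads, True
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        parts.append(chunk)
        remaining -= len(chunk)  # EOF yields b"", so 'remaining' stops shrinking
        reads += 1
    return b"".join(parts), reads, False


def read_body_checked(rfile, content_length):
    """Same loop, but an empty read (peer closed the connection) ends it.

    Returns (body, reads, truncated) so the caller can reject a short body.
    """
    remaining, parts, reads = content_length, [], 0
    while remaining:
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        reads += 1
        if not chunk:
            return b"".join(parts), reads, True
        parts.append(chunk)
        remaining -= len(chunk)
    return b"".join(parts), reads, False


# Constructed sample: the header declares 200 bytes, the stream ends early.
PARTIAL_BODY = b"<?xml version='1.0'?><methodCall>"
DECLARED_LENGTH = 200

if __name__ == "__main__":
    print(read_body_unchecked(io.BytesIO(PARTIAL_BODY), DECLARED_LENGTH)[1:])
    print(read_body_checked(io.BytesIO(PARTIAL_BODY), DECLARED_LENGTH)[1:])
```

A handler built on the checked loop should treat `truncated` as a malformed request and drop it rather than pass the partial body to the XML parser.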

References

CVE Name CVE-2012-0845
URL http://bugs.python.org/issue14001
URL https://bugs.pypy.org/issue1047
URL https://bugzilla.redhat.com/show_bug.cgi?id=789790