Python -- DoS via malformed XML-RPC / HTTP POST request

Description:

Jan Lieskovsky reports,

A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU.

References:

CVE name CVE-2012-0845
URL: <http://bugs.python.org/issue14001>
URL: <https://bugzilla.redhat.com/show_bug.cgi?id=789790>
URL: <https://bugs.pypy.org/issue1047>

Affects:

python32 <=3.2.2_2
python31 <=3.1.4_2
python27 <=2.7.2_3
python26 <=2.6.7_2
python25 <=2.5.6_2
python24 <=2.4.5_8
pypy <=1.7

portaudit: Python -- DoS via malformed XML-RPC / HTTP POST request

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>