Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2012-080
HistoryMay 21, 2012 - 4:50 p.m.

Medium: python26

2012-05-2116:50:00
alas.aws.amazon.com
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.16 Low

EPSS

Percentile

95.9%

JSON

Issue Overview:

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

Affected Packages:

python26

Issue Correction:
Run yum update python26 to update your system.

New Packages:

i686:  
    python26-devel-2.6.8-1.45.amzn1.i686  
    python26-tools-2.6.8-1.45.amzn1.i686  
    python26-test-2.6.8-1.45.amzn1.i686  
    python26-debuginfo-2.6.8-1.45.amzn1.i686  
    python26-2.6.8-1.45.amzn1.i686  
    python26-libs-2.6.8-1.45.amzn1.i686  
  
src:  
    python26-2.6.8-1.45.amzn1.src  
  
x86_64:  
    python26-debuginfo-2.6.8-1.45.amzn1.x86_64  
    python26-devel-2.6.8-1.45.amzn1.x86_64  
    python26-2.6.8-1.45.amzn1.x86_64  
    python26-libs-2.6.8-1.45.amzn1.x86_64  
    python26-test-2.6.8-1.45.amzn1.x86_64  
    python26-tools-2.6.8-1.45.amzn1.x86_64

Additional References

Red Hat: CVE-2012-0845

Mitre: CVE-2012-0845

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686python26-devel< 2.6.8-1.45.amzn1python26-devel-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1i686python26-tools< 2.6.8-1.45.amzn1python26-tools-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1i686python26-test< 2.6.8-1.45.amzn1python26-test-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1i686python26-debuginfo< 2.6.8-1.45.amzn1python26-debuginfo-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1i686python26< 2.6.8-1.45.amzn1python26-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1i686python26-libs< 2.6.8-1.45.amzn1python26-libs-2.6.8-1.45.amzn1.i686.rpm
Amazon Linux1x86_64python26-debuginfo< 2.6.8-1.45.amzn1python26-debuginfo-2.6.8-1.45.amzn1.x86_64.rpm
Amazon Linux1x86_64python26-devel< 2.6.8-1.45.amzn1python26-devel-2.6.8-1.45.amzn1.x86_64.rpm
Amazon Linux1x86_64python26< 2.6.8-1.45.amzn1python26-2.6.8-1.45.amzn1.x86_64.rpm
Amazon Linux1x86_64python26-libs< 2.6.8-1.45.amzn1python26-libs-2.6.8-1.45.amzn1.x86_64.rpm
Rows per page:
1-10 of 121

Related

nessus 31
openvas 47
cve 1
amazon 2
seebug 1
ubuntucve 1
veracode 3
freebsd 1
prion 1
debiancve 1
fedora 7
redhat 1
centos 1
ubuntu 6
oraclelinux 1
f5 1
securityvulns 2
gentoo 1
osv 1
debian 1
ibm 1
suse 1
nessus
nessus
FreeBSD : Python -- DoS via malformed XML-RPC / HTTP POST request (b4f8be9e-56b2-11e1-9fb7-003067b2972c)
2012-02-14 00:00:00
Amazon Linux AMI : python27 (ALAS-2012-81)
2013-09-04 00:00:00
Amazon Linux AMI : python26 (ALAS-2012-80)
2013-09-04 00:00:00
openvas
openvas
FreeBSD Ports: python32
2012-03-12 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-80)
2015-09-08 00:00:00
FreeBSD Ports: python32
2012-03-12 00:00:00
cve
cve
CVE-2012-0845
2012-10-05 21:55:00
amazon
amazon
Medium: python27
2012-05-21 16:52:00
Low: python26
2012-07-05 16:16:00
seebug
seebug
Python SimpleXMLRPCServer远程拒绝服务漏洞
2012-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2012-0845
2012-02-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:41:53
Denial Of Service (DoS)
2019-05-02 04:41:53
Information Disclosure
2019-05-02 04:41:53
freebsd
freebsd
Python -- DoS via malformed XML-RPC / HTTP POST request
2012-02-13 00:00:00
prion
prion
Design/Logic Flaw
2012-10-05 21:55:00
debiancve
debiancve
CVE-2012-0845
2012-10-05 21:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: python-docs-2.7.3-1.fc16
2012-05-06 01:26:43
[SECURITY] Fedora 17 Update: python-docs-2.7.3-1.fc17
2012-05-02 04:50:10
[SECURITY] Fedora 16 Update: python-2.7.3-1.fc16
2012-05-06 01:26:43
redhat
redhat
(RHSA-2012:0744) Moderate: python security update
2012-06-18 00:00:00
centos
centos
python, tkinter security update
2012-06-18 16:35:36
ubuntu
ubuntu
Python 3.2 vulnerabilities
2012-10-23 00:00:00
Python 2.7 vulnerabilities
2012-10-02 00:00:00
Python 3.1 vulnerabilities
2012-10-24 00:00:00
oraclelinux
oraclelinux
python security update
2012-06-18 00:00:00
f5
f5
K75910138 : Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
2018-09-11 00:00:00
securityvulns
securityvulns
python multiple security vulnerabilities
2012-07-29 00:00:00
[ MDVSA-2012:096-1 ] python
2012-07-09 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2014-01-06 00:00:00
osv
osv
python2.6 - security update
2014-07-31 00:00:00
debian
debian
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.16 Low

EPSS

Percentile

95.9%

JSON
Related for ALAS-2012-080
nessus31openvas47cve1amazon2seebug1ubuntucve1veracode3freebsd1prion1debiancve1fedora7redhat1centos1ubuntu6oraclelinux1f51securityvulns2gentoo1osv1debian1ibm1suse1