Python -- DoS via malformed XML-RPC / HTTP POST request

ID B4F8BE9E-56B2-11E1-9FB7-003067B2972C
Type freebsd
Reporter FreeBSD
Modified 2012-02-26T00:00:00


Jan Lieskovsky reports,

A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU.