Design/Logic Flaw

🗓️ 05 Oct 2012 21:55:00Reported by PRIOn knowledge baseType

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header

Reporter	Title	Published	Views	Family All 185
Amazon	Medium: python26	21 May 201200:00	–	amazon
Amazon	Medium: python27	21 May 201200:00	–	amazon
Amazon	Low: python26	5 Jul 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : python26 (ALAS-2012-80)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python27 (ALAS-2012-81)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python26 (ALAS-2012-98)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : python (CESA-2012:0744)	20 Jun 201200:00	–	nessus
Tenable Nessus	Fedora 17 : python3-3.2.3-5.fc17 (2012-5785) (BEAST)	7 May 201200:00	–	nessus
Tenable Nessus	Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)	2 May 201200:00	–	nessus
Tenable Nessus	Fedora 15 : python3-3.2.3-1.fc15 (2012-5916) (BEAST)	4 May 201200:00	–	nessus

Source	Link
python	www.python.org/download/releases/3.1.5/
python	www.python.org/download/releases/3.2.3/
openwall	www.openwall.com/lists/oss-security/2012/02/13/4
python	www.python.org/download/releases/2.6.8/
python	www.python.org/download/releases/2.7.3/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugs	www.bugs.python.org/issue14001
ubuntu	www.ubuntu.com/usn/USN-1596-1
ubuntu	www.ubuntu.com/usn/USN-1613-2
ubuntu	www.ubuntu.com/usn/USN-1613-1

25 Oct 2019 11:53Current

6.9Medium risk

Vulners AI Score6.9

EPSS0.02773