FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0845

This CVE name corresponds to:

Entered: 2012-02-14
Topic: Python -- DoS via malformed XML-RPC / HTTP POST request

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-0845
Phase: Assigned (20120119)

Description

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

References

Source Reference
MLIST [oss-security] 20120213 Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request
CONFIRM http://bugs.python.org/issue14001
CONFIRM http://python.org/download/releases/2.6.8/
CONFIRM http://python.org/download/releases/2.7.3/
CONFIRM http://python.org/download/releases/3.1.5/
CONFIRM http://python.org/download/releases/3.2.3/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=789790
APPLE APPLE-SA-2013-10-22-3
UBUNTU USN-1596-1
UBUNTU USN-1613-2
UBUNTU USN-1592-1
UBUNTU USN-1613-1
UBUNTU USN-1615-1
UBUNTU USN-1616-1
SECTRACK 1026689
SECUNIA 51089
SECUNIA 50858
SECUNIA 51024
SECUNIA 51040
SECUNIA 51087