FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- DoS via malformed XML-RPC / HTTP POST request

Affected packages
python32 <= 3.2.2_2
python31 <= 3.1.4_2
python27 <= 2.7.2_3
python26 <= 2.6.7_2
python25 <= 2.5.6_2
python24 <= 2.4.5_8
pypy <= 1.7


VuXML ID b4f8be9e-56b2-11e1-9fb7-003067b2972c
Discovery 2012-02-13
Entry 2012-02-14
Modified 2012-02-26

Jan Lieskovsky reports,

A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU.


CVE Name CVE-2012-0845