CVE-2012-0845

Name of the Vulnerable Software and Affected Versions Python versions prior to 2.6.8 Python versions 2.7.x prior to 2.7.3 Python versions 3.x prior to 3.1.5 Python versions 3.2.x prior to 3.2.3

Description The issue allows remote attackers to cause a denial of service, resulting in infinite loops and high CPU consumption. This can be achieved via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. The vulnerability is caused by the SimpleXMLRPCRequestHandler.do POST() method not properly handling an EOF when processing POST requests, which can be exploited via a specially crafted HTTP POST request.

Recommendations For Python versions prior to 2.6.8, update to version 2.6.8 or later. For Python versions 2.7.x prior to 2.7.3, update to version 2.7.3 or later. For Python versions 3.x prior to 3.1.5, update to version 3.1.5 or later. For Python versions 3.2.x prior to 3.2.3, update to version 3.2.3 or later.