SB2012100601 - Multiple vulnerabilities in Python




Published: October 6, 2012
Updated: August 11, 2020

Security Bulletin ID: SB2012100601
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Resource management error (CVE-ID: CVE-2012-0845)

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
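
The failure mode described above, as an added example that is not taken from this bulletin or from the CPython source: a body-reading loop that trusts Content-Length, next to a version that stops at end-of-stream. The function names, chunk size and sample body are assumptions made for illustration, and an `io.BytesIO` stands in for a connection whose peer has stopped sending.

```python
import io

CHUNK = 64 * 1024  # chunk size chosen for this example


def read_body_unchecked(rfile, content_length, max_iterations=1000):
    """Flawed pattern: trusts Content-Length and never checks for EOF.

    max_iterations exists only so this demo terminates; the flawed loop
    itself has no such exit. Returns (body, iterations, spun).
    """
    remaining, chunks, iterations = content_length, [], 0
    while remaining:
        if iterations >= max_iterations:
            return b"".join(chunks), iterations, True
        chunk = rfile.read(min(remaining, CHUNK))
        chunks.append(chunk)
        remaining -= len(chunk)  # never reaches 0 once read() returns b""
        iterations += 1
    return b"".join(chunks), iterations, False


def read_body_checked(rfile, content_length):
    """Hardened pattern: stop at EOF and tell the caller the body was short.

    Returns (body, complete); a caller should reject the request (for
    example with HTTP 400) when complete is False.
    """
    remaining, chunks = content_length, []
    while remaining:
        chunk = rfile.read(min(remaining, CHUNK))
        if not chunk:  # peer sent fewer bytes than it declared
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    body = b"".join(chunks)
    return body, len(body) == content_length


# Constructed sample: a short XML-RPC body and a Content-Length that overstates it.
SAMPLE_BODY = b"<?xml version='1.0'?><methodCall></methodCall>"
DECLARED_LENGTH = len(SAMPLE_BODY) + 100

if __name__ == "__main__":
    _, iterations, spun = read_body_unchecked(io.BytesIO(SAMPLE_BODY), DECLARED_LENGTH)
    print("unchecked loop: iterations=%d, still spinning=%s" % (iterations, spun))
    body, complete = read_body_checked(io.BytesIO(SAMPLE_BODY), DECLARED_LENGTH)
    print("checked loop: read %d bytes, complete=%s" % (len(body), complete))
```
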


2) Cryptographic issues (CVE-ID: CVE-2012-1150)

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.


Remediation

Install the update from the vendor's website.