CVE-2012-0845

Public on 2012-05-21

Modified on 2014-09-14

Description

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

Severity

Medium

See what this means

CVSS v3 Base Score

5.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	python26	2012-07-05 16:16	ALAS-2012-98
Amazon Linux 1	python26	2012-05-21 16:50	ALAS-2012-80
Amazon Linux 1	python27	2012-05-21 16:52	ALAS-2012-81

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2012-0845 Mitre: CVE-2012-0845 FAQs regarding Amazon Linux ALAS/CVE Severity