Description
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
It was discovered that the Python xmlrpclib did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory.
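A client-side mitigation sketch for the unbounded decompression described above (an added example, not code from Python or Red Hat): it inflates a gzip body through zlib with an output cap and rejects anything larger. The function name `bounded_gzip_decode`, the exception class and the 1 MiB limit are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_DECODED = 1024 * 1024  # assumed cap (1 MiB); size it to the largest legitimate response


class DecodedTooLarge(ValueError):
    """Raised when the decompressed body would exceed the configured cap."""


def bounded_gzip_decode(data: bytes, limit: int = MAX_DECODED) -> bytes:
    """Decode one gzip member without ever holding more than limit + 1 bytes."""
    # wbits=31 (16 + 15) makes zlib expect a gzip header and trailer.
    decoder = zlib.decompressobj(31)
    try:
        # max_length stops inflation early; one byte past the cap is enough
        # to prove the body is too large.
        out = decoder.decompress(data, limit + 1)
    except zlib.error as exc:
        raise ValueError("invalid gzip data: %s" % exc) from exc
    if len(out) > limit:
        raise DecodedTooLarge("decoded body exceeds %d bytes" % limit)
    if not decoder.eof:
        # Input ended before the gzip trailer was seen.
        raise ValueError("truncated gzip stream")
    return out


if __name__ == "__main__":
    # Constructed inputs: a small XML-RPC-like body and 8 MiB of zero bytes,
    # which compresses to a few kilobytes.
    small = gzip.compress(b"<methodResponse/>")
    big = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print(bounded_gzip_decode(small))
    print(len(big), "compressed bytes")
    try:
        bounded_gzip_decode(big)
    except DecodedTooLarge as exc:
        print("rejected:", exc)
```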
Statement
This issue did not affect the versions of Python as shipped with Red Hat Enterprise Linux 5 and 6, as their XMLRPC library did not include support for gzip-encoded content.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | python | Not affected | | |
Red Hat Enterprise Linux 6 | jython | Not affected | | |
Red Hat Enterprise Linux 6 | python | Not affected | | |
Red Hat JBoss Enterprise Application Platform 6 | jython-eap6 | Not affected | | |
Red Hat JBoss SOA Platform 4.3 | jython | Not affected | | |
Red Hat JBoss SOA Platform 5 | jython | Not affected | | |
Red Hat OpenShift Enterprise 2 | jython | Not affected | | |
Red Hat Satellite 5.4 | jython | Not affected | | |
Red Hat Satellite 5.5 | jython | Not affected | | |
Red Hat Software Collections | python27-python | Affected | | |
Additional information
CVSS2: 4.3 Medium