Evaluate effect of CVE-2012-0845 on this plugin
|Reported by:||Steffen Hoffmann||Owned by:||mitsuhiko|
|Cc:||Odd Simon Simonsen, Ryan J Ollos||Trac Release:||0.11|
Description (last modified by )
(Overview of CVE-2012-0845):
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
The full import and direct use of
ircannouncerplugin/Trac/plugin.py might not be relevant, because it looks like an abonded development tree.?
CGIXMLRPCRequestHandler is imported from
SimpleXMLRPCServer and used in
0.11/tracext/ircannouncer/utils, so I'm really unsure, if this plugin could be affected somehow.