Opened 12 years ago

Last modified 5 years ago

#11080 new task

Evaluate effect of CVE-2012-0845 on this plugin

Reported by: Steffen Hoffmann
Owned by: mitsuhiko
Priority: normal
Component: IrcAnnouncerPlugin
Severity: normal
Keywords: xmlrpc
Cc: osimons
Trac Release: 0.11

Description (last modified by Steffen Hoffmann)

(Overview of CVE-2012-0845):

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

The full import and direct use of SimpleXMLRPCServer in ircannouncerplugin/Trac/plugin.py might not be relevant, because it looks like an abandoned development tree.

Only CGIXMLRPCRequestHandler is imported from SimpleXMLRPCServer and used in 0.11/tracext/ircannouncer/utils, so I'm really unsure if this plugin could be affected somehow.

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0845
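
The failure mode in the CVE overview above, as an added sketch that is not part of the ticket and not code from Python or the plugin: a read loop driven by Content-Length never finishes when the stream ends early, and an EOF check ends it. The function names, `MAX_CHUNK`, the iteration guard and the sample body are assumptions constructed for illustration.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024  # constructed chunk limit for this sketch


def read_body_unchecked(rfile, content_length, max_iterations=1000):
    """Content-Length-driven read loop with no EOF check.

    Returns (data, terminated). max_iterations is a guard added only so this
    demonstration halts; without it the loop would spin forever once the
    stream hits EOF, because read() keeps returning b"" and `remaining`
    never shrinks.
    """
    remaining = content_length
    chunks = []
    iterations = 0
    while remaining:
        if iterations >= max_iterations:
            return b"".join(chunks), False
        iterations += 1
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks), True


def read_body_checked(rfile, content_length):
    """Same loop, but an empty read (EOF) ends it.

    Returns (data, complete); complete is False for a truncated body.
    """
    remaining = content_length
    chunks = []
    while remaining:
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        if not chunk:  # peer sent fewer bytes than it declared
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    data = b"".join(chunks)
    return data, len(data) == content_length


# Constructed sample: 20 bytes of body, Content-Length claims 64.
BODY = b"<methodCall>...short"
DECLARED = 64

if __name__ == "__main__":
    print(read_body_unchecked(io.BytesIO(BODY), DECLARED))
    print(read_body_checked(io.BytesIO(BODY), DECLARED))
```

A caller of the checked variant can reject the request when `complete` is False instead of passing a truncated document to the XML-RPC parser.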

Attachments (0)

Change History (2)

comment:1 Changed 12 years ago by Steffen Hoffmann

Description: modified (diff)

comment:2 Changed 5 years ago by Ryan J Ollos

Cc: Ryan J Ollos removed
