Vulnerability Details : CVE-2012-0845
Potential exploit
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
Vulnerability category: Denial of service
Products affected by CVE-2012-0845
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.5.150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
Threat overview for CVE-2012-0845
Top open port discovered on systems with this issue: 8123
IPs affected by CVE-2012-0845: 118,650
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-0845
Probability of exploitation activity in the next 30 days: 24.52%
Percentile (the proportion of vulnerabilities that are scored at or below this one): ~97%
CVSS scores for CVE-2012-0845
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-0845
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0845
- http://python.org/download/releases/2.7.3/
  Python Release Python 2.7.3 | Python.org (Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1613-2
  USN-1613-2: Python 2.4 vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1596-1
  USN-1596-1: Python 2.6 vulnerabilities | Ubuntu security notices
- http://bugs.python.org/issue14001
  Issue 14001: CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request - Python tracker (Exploit)
- http://www.ubuntu.com/usn/USN-1615-1
  USN-1615-1: Python 3.2 vulnerabilities | Ubuntu security notices
- http://python.org/download/releases/3.2.3/
  Python Release Python 3.2.3 | Python.org (Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
  [security-announce] openSUSE-SU-2020:0086-1: important: Security update
- http://www.openwall.com/lists/oss-security/2012/02/13/4
  oss-security - Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request
- http://python.org/download/releases/3.1.5/
  Python Release Python 3.1.5 | Python.org (Patch; Vendor Advisory)
- http://www.securitytracker.com/id?1026689
  Python Simple XML-RPC Server Module Lets Remote Users Deny Service - SecurityTracker
- http://python.org/download/releases/2.6.8/
  Python Release Python 2.6.8 | Python.org (Patch; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=789790
  789790 – (CVE-2012-0845) CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
  Apple - Lists.apple.com
- http://www.ubuntu.com/usn/USN-1592-1
  USN-1592-1: Python 2.7 vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1616-1
  USN-1616-1: Python 3.1 vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1613-1
  USN-1613-1: Python 2.5 vulnerabilities | Ubuntu security notices