[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)
Jesse Noller jnoller at gmail.com
Thu Feb 21 12:05:52 CET 2013
- Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Feb 21, 2013, at 5:32 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
Le Thu, 21 Feb 2013 11🔞35 +0100, Christian Heimes <christian at python.org> a écrit :
Am 21.02.2013 08:42, schrieb Antoine Pitrou:
Sure, but in many instances, rebooting a machine is not business-threatening. You will have a couple of minutes' downtime and that's all. Which is why the attack must be repeated many times to be a major annoyance.
Is this business-threatening enough? https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote You haven't proved that these were actual threats, nor how they actually worked. I'm gonna remain skeptical if there isn't anything more precise than "It highly depends on the parser and the application what kind of exploit is possible". Regards Antoine.
I guess someone need to write a proof of concept exploit for you and release it into the wild.
Ok
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/jnoller%40gmail.com
- Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]