[Python-Dev] XML DoS vulnerabilities and exploits in Python
Antoine Pitrou solipsis at pitrou.net
Thu Feb 21 12:16:41 CET 2013
On Thu, 21 Feb 2013 06:05:52 -0500, Jesse Noller <jnoller at gmail.com> wrote:
> On Feb 21, 2013, at 5:32 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
>
> > On Thu, 21 Feb 2013 11:18:35 +0100,
> > Christian Heimes <christian at python.org> wrote:
> >> On 21.02.2013 08:42, Antoine Pitrou wrote:
> >>> Sure, but in many instances, rebooting a machine is not
> >>> business-threatening. You will have a couple of minutes' downtime
> >>> and that's all. Which is why the attack must be repeated many
> >>> times to be a major annoyance.
> >>
> >> Is this business-threatening enough?
> >>
> >> https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote
> >
> > You haven't proved that these were actual threats, nor how they
> > actually worked. I'm gonna remain skeptical if there isn't anything
> > more precise than "It highly depends on the parser and the
> > application what kind of exploit is possible".
> >
> > Regards
> >
> > Antoine.
>
> I guess someone needs to write a proof of concept exploit for you and release it into the wild.

I don't know whether you are trying to be ironic but, for the record, proofs of concept needn't be "released into the wild" as long as they exist.

Regards
Antoine.