Vulnerabilities > CVE-2013-1753 - Unspecified vulnerability in Python

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

python

nessus

NVD

Published: 2020-03-11

Updated: 2020-10-21

Summary

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Python Python Python 2.7.0 Python Python 2.7.1 Python Python 2.7.2 Python Python 2.7.3 Python Python 2.7.4 Python Python 2.7.5 Python Python 2.7.6 Python Python 2.7.7 Python Python 2.7.8 Python Python 3.2.0 Python Python 3.2.1 Python Python 3.2.2 Python Python 3.2.3 Python Python 3.2.4 Python Python 3.2.5 Python Python 3.3.0 Python Python 3.3.1 Python Python 3.3.2 Python Python 3.3.3 Python Python 3.3.4 Python Python 3.3.5 Python Python 3.4.0 Python Python 3.4.1 Python Python 3.4.2	84

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2653-1.NASL
description	It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753) It was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616) It was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650) It was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2015-06-26
plugin id	84428
published	2015-06-26
reporter	Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84428
title	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-213.NASL
description	Python was updated to 2.7.6 to fix bugs and security issues : - bugfix-only release - SSL-related fixes - upstream fix for CVE-2013-4238 - upstream fixes for CVE-2013-1752 - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch - python-2.7.6-bdist-rpm.patch: fix broken
last seen	2020-06-05
modified	2014-06-13
plugin id	75294
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75294
title	openSUSE Security Update : python (openSUSE-SU-2014:0380-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-2101.NASL
description	From Red Hat Security Advisory 2015:2101 : Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
last seen	2020-03-18
modified	2015-11-24
plugin id	87020
published	2015-11-24
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87020
title	Oracle Linux 7 : python (ELSA-2015-2101)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20151119_PYTHON_ON_SL7_X.NASL
description	It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) This update also fixes the following bugs : - Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
last seen	2020-03-18
modified	2015-12-22
plugin id	87570
published	2015-12-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87570
title	Scientific Linux Security Update : python on SL7.x x86_64 (20151119)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-075.NASL
description	Updated python packages fix security vulnerabilities : A vulnerability was reported in Python
last seen	2020-06-01
modified	2020-06-02
plugin id	82328
published	2015-03-30
reporter	This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82328
title	Mandriva Linux Security Advisory : python (MDVSA-2015:075)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2015-552.NASL
description	It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.(CVE-2013-1752) It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)
last seen	2020-03-17
modified	2015-06-25
plugin id	84369
published	2015-06-25
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84369
title	Amazon Linux AMI : python27 (ALAS-2015-552)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-2101.NASL
description	Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
last seen	2020-03-17
modified	2015-12-02
plugin id	87129
published	2015-12-02
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87129
title	CentOS 7 : python (CESA-2015:2101)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2101.NASL
description	Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
last seen	2020-03-18
modified	2015-11-20
plugin id	86968
published	2015-11-20
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86968
title	RHEL 7 : python (RHSA-2015:2101)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0234-1.NASL
description	This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133259
published	2020-01-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133259
title	SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-278.NASL
description	Python was updated to 3.3.5 fixing bugs and security issues : - bugfix-only release, closes several security bugs - CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded reads from network - disable SSLv2 by default - DoS on maliciously crafted zip files (CVE-2013-7338, bnc#869222) - CGIHttpRequestHandler directory traversal - gzip decompression bomb in xmlrpc client (CVE-2013-1753, bnc#856835) xmlrpc_gzip_33.patch - potential buffer overflow in recvfrom_into (CVE-2014-1912, bnc#863741) - hundreds of non-security-related bugfixes
last seen	2020-06-05
modified	2014-06-13
plugin id	75315
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75315
title	openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1344-1.NASL
description	This update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 (PEP466) - HTTPS certificate validation enabled by default (PEP476) - SSLv3 disabled by default (bnc#901715) - backported ensurepip module (PEP477) - fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don
last seen	2020-03-18
modified	2015-08-06
plugin id	85250
published	2015-08-06
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85250
title	SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2014-074.NASL
description	Updated python package fixes security vulnerabilities : Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752). A gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753).
last seen	2020-06-01
modified	2020-06-02
plugin id	73449
published	2014-04-10
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73449
title	Mandriva Linux Security Advisory : python (MDVSA-2014:074)

Redhat

rpms

python27-0:1.1-17.el6
python27-0:1.1-20.el7
python27-python-0:2.7.8-3.el6
python27-python-0:2.7.8-3.el7
python27-python-debug-0:2.7.8-3.el6
python27-python-debug-0:2.7.8-3.el7
python27-python-debuginfo-0:2.7.8-3.el6
python27-python-debuginfo-0:2.7.8-3.el7
python27-python-devel-0:2.7.8-3.el6
python27-python-devel-0:2.7.8-3.el7
python27-python-libs-0:2.7.8-3.el6
python27-python-libs-0:2.7.8-3.el7
python27-python-pip-0:1.5.6-5.el6
python27-python-pip-0:1.5.6-5.el7
python27-python-setuptools-0:0.9.8-3.el6
python27-python-setuptools-0:0.9.8-5.el7
python27-python-simplejson-0:3.2.0-2.el6
python27-python-simplejson-0:3.2.0-3.el7
python27-python-simplejson-debuginfo-0:3.2.0-2.el6
python27-python-simplejson-debuginfo-0:3.2.0-3.el7
python27-python-test-0:2.7.8-3.el6
python27-python-test-0:2.7.8-3.el7
python27-python-tools-0:2.7.8-3.el6
python27-python-tools-0:2.7.8-3.el7
python27-python-wheel-0:0.24.0-2.el6
python27-python-wheel-0:0.24.0-2.el7
python27-runtime-0:1.1-17.el6
python27-runtime-0:1.1-20.el7
python27-scldevel-0:1.1-17.el6
python27-scldevel-0:1.1-20.el7
python27-tkinter-0:2.7.8-3.el6
python27-tkinter-0:2.7.8-3.el7
python-0:2.7.5-34.el7
python-debug-0:2.7.5-34.el7
python-debuginfo-0:2.7.5-34.el7
python-devel-0:2.7.5-34.el7
python-libs-0:2.7.5-34.el7
python-test-0:2.7.5-34.el7
python-tools-0:2.7.5-34.el7
tkinter-0:2.7.5-34.el7

References

https://bugs.python.org/issue16043