[ python-Bugs-1180470 ] BaseHTTPServer uses deprecated mimetools.Message
SourceForge.net
noreply at sourceforge.net
Sun Jan 15 13:03:03 CET 2006
Bugs item #1180470, was opened at 2005-04-11 00:26
Message generated for change (Comment added) made by kousu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1180470&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Paul Jimenez (paulj)
Assigned to: Nobody/Anonymous (nobody)
Summary: BaseHTTPServer uses deprecated mimetools.Message
Initial Comment:
BaseHTTPServer used a deprecated (as of 2.3) class:
mimetools.Message. cgi.py also uses it, but that's
getting fixed. If only there was just a single API for
writing webapps.
----------------------------------------------------------------------
Comment By: Nick Guenther (kousu)
Date: 2006-01-15 07:03
Message:
Logged In: YES
user_id=705725
There's a DoS attack possible here because of it, actually.
mimetools.Message locks up if it never sees '\r\n\r\n'. Thus
to crash a BaseHTTPServer all one must do is:
echo "GET / HTTP/1.1" > nc host port.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1180470&group_id=5470
More information about the Python-bugs-list
mailing list