Am 21.02.2013 08:42, schrieb Antoine Pitrou: > Sure, but in many instances, rebooting a machine is not > business-threatening. You will have a couple of minutes' downtime and > that's all. Which is why the attack must be repeated many times to be a > major annoyance.
Is this business-threatening enough? https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote * An attacker can circumvent firewalls and gain access to restricted resources as all the requests are made from an internal and trustworthy IP address, not from the outside. * An attacker can abuse a service to attack, spy on or DoS your servers but also third party services. The attack is disguised with the IP address of the server and the attacker is able to utilize the high bandwidth of a big machine. * An attacker can exhaust additional resources on the machine, e.g. with requests to a service that doesn't respond or responds with very large files. * An attacker may gain knowledge, when, how often and from which IP address a XML document is accessed. * An attacker could send mail from inside your network if the URL handler supports smtp:// URIs. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com