CVE-2020-10109
N/A
N/A
Summary
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories/twisted-version-19.10.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
- https://usn.ubuntu.com/4308-2/
- https://usn.ubuntu.com/4308-1/
- https://security.gentoo.org/glsa/202007-24
- https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
References
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories/twisted-version-19.10.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
- https://usn.ubuntu.com/4308-2/
- https://usn.ubuntu.com/4308-1/
- https://security.gentoo.org/glsa/202007-24
- https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.