Lucene search
GoogleOSV:PYSEC-2020-259HistoryMar 12, 2020 - 1:15 p.m.
PYSEC-2020-259
2020-03-1213:15:00
Google
osv.dev
11
EPSS
0.009
Percentile
83.2%
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
References
github.com/advisories/GHSA-h96w-mmrf-2h6v
know.bishopfox.com/advisories
know.bishopfox.com/advisories/twisted-version-19.10.0
lists.fedoraproject.org/archives/list/[email protected]/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
lists.fedoraproject.org/archives/list/[email protected]/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
security.gentoo.org/glsa/202007-24
usn.ubuntu.com/4308-1/
usn.ubuntu.com/4308-2/
www.oracle.com/security-alerts/cpuoct2020.html
Related
nessus
nessus
Amazon Linux AMI : python-twisted-web (ALAS-2020-1372)
2020-06-04 00:00:00
CentOS 6 : python-twisted-web (CESA-2020:1962)
2020-05-01 00:00:00
ubuntucve
ubuntucve
CVE-2020-10108
2020-03-12 00:00:00
CVE-2020-10109
2020-03-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-10108 affecting package python-twisted 19.2.1-5
2021-08-11 06:39:26
redhatcve
redhatcve
CVE-2020-10108
2020-03-13 20:10:57
alpinelinux
alpinelinux
CVE-2020-10108
2020-03-12 13:15:12
nvd
nvd
CVE-2020-10108
2020-03-12 13:15:12
centos
centos
python security update
2020-04-30 19:58:15
python security update
2020-04-30 19:55:14
cve
cve
CVE-2020-10108
2020-03-12 13:15:12
amazon
amazon
Important: python-twisted-web
2020-05-22 20:57:00
Important: python-twisted-web
2020-05-19 18:32:00
veracode
veracode
HTTP Request Smuggling
2020-03-13 04:28:16
HTTP Request Splitting
2020-03-16 06:28:24
osv
osv
CVE-2020-10108
2020-03-12 13:15:12
Improper Input Validation in Twisted
2020-03-31 15:42:42
twisted - security update
2020-03-17 00:00:00
openvas
openvas
CentOS: Security Advisory for python-twisted-web (CESA-2020:1962)
2020-05-01 00:00:00
Mageia: Security Advisory (MGASA-2020-0428)
2022-01-28 00:00:00
Twisted Web < 20.3.0 Multiple Vulnerabilities
2022-03-22 00:00:00
debiancve
debiancve
CVE-2020-10108
2020-03-12 13:15:12
cvelist
cvelist
CVE-2020-10108
2020-03-12 12:42:33
github
github
Improper Input Validation in Twisted
2020-03-31 15:42:42
oraclelinux
oraclelinux
python-twisted-web security update
2020-04-29 00:00:00
python-twisted-web security update
2020-04-23 00:00:00
ol-automation-manager security update
2022-04-27 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-03-12 13:15:00
redhat
redhat
(RHSA-2020:1962) Important: python-twisted-web security update
2020-04-29 08:51:32
(RHSA-2020:1561) Important: python-twisted-web security update
2020-04-23 13:32:32
photon
photon
Critical Photon OS Security Update - PHSA-2020-0109
2020-07-03 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0109
2020-07-03 00:00:00
gentoo
gentoo
Twisted: Access restriction bypasses
2020-07-27 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: python-twisted-19.10.0-2.fc32
2020-03-25 16:17:24
[SECURITY] Fedora 31 Update: python-twisted-19.2.1-6.fc31
2020-03-26 01:20:38
mageia
mageia
Updated python-twisted packages fix security vulnerabilities
2020-11-21 15:21:00
debian
debian
[SECURITY] [DLA 2145-2] twisted security update
2020-03-19 17:13:20
[SECURITY] [DLA 2145-1] twisted security update
2020-03-17 18:03:22
[SECURITY] [DLA 2927-1] twisted security update
2022-02-19 16:30:59
ubuntu
ubuntu
Twisted vulnerabilities
2020-03-30 00:00:00
Twisted vulnerabilities
2020-03-19 00:00:00
freebsd
freebsd
py-twisted -- multiple vulnerabilities
2019-03-01 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00