PT-2019-5686 · Twisted+6 · Twisted Web+6

Published 2019-05-12 · Updated 2025-03-26 · CVE-2020-10108

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Twisted Web versions prior to 20.3.0.
Description: The issue stems from insufficient input validation when parsing HTTP headers and results in an HTTP request splitting vulnerability. When a request carries two Content-Length headers, the first is ignored and the second is used to frame the body. If the second value is zero, the bytes that follow the headers are not consumed as the body of the current request but are parsed as a new, pipelined request. A front-end proxy that frames the same bytes using the first Content-Length forwards what it believes is a single request, while Twisted processes two, the second of them entirely attacker-controlled. This is a classic HTTP request smuggling desync: a remote, unauthenticated attacker can route requests past front-end controls or cause a denial of service.
Recommendations: Update Twisted Web to version 20.3.0 or later. Until the upgrade is possible, configure any reverse proxy or load balancer in front of Twisted Web to reject requests that carry more than one Content-Length header (RFC 7230 §3.3.3 requires a 400 response when the values differ), so that the front end and Twisted cannot disagree about where one request ends. To check a deployment, send a request with two differing Content-Length headers and confirm that it is rejected rather than split into two processed requests.
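The framing desync described above, as an added example that is not Twisted's code: a toy HTTP/1.1 request splitter that frames the same byte stream under three Content-Length policies. Honouring the last header reproduces the pre-20.3.0 behaviour the advisory describes, honouring the first models a typical front-end proxy (an assumption, proxies differ), and rejecting differing values is the RFC 7230 §3.3.3 behaviour. The request bytes, host name and paths are constructed for illustration.

```python
"""Added example for CVE-2020-10108: a toy HTTP/1.1 request framer.

Not Twisted's parser. It shows why two Content-Length headers let an
attacker smuggle a second request when the back end trusts the last
header while the front end trusts the first.
"""

from typing import List, Tuple

Header = Tuple[bytes, bytes]
Request = Tuple[bytes, bytes]  # (request line, body)


class FramingError(ValueError):
    """Raised when the byte stream cannot be framed unambiguously."""


def parse_head(head: bytes) -> Tuple[bytes, List[Header]]:
    """Split a request head (without the terminating CRLFCRLF) into
    its request line and lower-cased (name, value) header pairs."""
    lines = head.split(b"\r\n")
    headers: List[Header] = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def body_length(headers: List[Header], policy: str) -> int:
    """Decide how many body bytes follow the head under a framing policy."""
    values = [v for (n, v) in headers if n == b"content-length"]
    if not values:
        return 0
    if policy == "reject":
        # Safe behaviour: differing Content-Length values are ambiguous
        # framing and must be refused (RFC 7230 section 3.3.3).
        if len(set(values)) > 1:
            raise FramingError("multiple differing Content-Length headers")
        return int(values[0])
    if policy == "first":
        return int(values[0])   # assumed front-end proxy behaviour
    if policy == "last":
        return int(values[-1])  # pre-20.3.0 behaviour from the advisory
    raise ValueError(f"unknown policy {policy!r}")


def split_requests(raw: bytes, policy: str) -> List[Request]:
    """Frame a pipelined byte stream into (request line, body) pairs."""
    requests: List[Request] = []
    pos = 0
    while pos < len(raw):
        end = raw.find(b"\r\n\r\n", pos)
        if end < 0:
            raise FramingError("incomplete request head")
        request_line, headers = parse_head(raw[pos:end])
        length = body_length(headers, policy)
        body_start = end + 4
        body = raw[body_start:body_start + length]
        if len(body) < length:
            raise FramingError("incomplete body")
        requests.append((request_line, body))
        pos = body_start + length
    return requests


def rejects(raw: bytes) -> bool:
    """True if the hardened policy refuses to frame the stream."""
    try:
        split_requests(raw, "reject")
    except FramingError:
        return True
    return False


# Constructed attacker payload: the "body" is itself a complete request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: backend\r\n\r\n"
ATTACK = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: backend\r\n"
    b"Content-Length: " + str(len(SMUGGLED)).encode() + b"\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
) + SMUGGLED

if __name__ == "__main__":
    for policy in ("first", "last"):
        framed = split_requests(ATTACK, policy)
        print(policy, "->", len(framed), "request(s):", [r[0] for r in framed])
    print("reject ->", "refused" if rejects(ATTACK) else "accepted")
```

Run as a script, the `first` policy yields one POST whose body is the smuggled bytes, the `last` policy yields the POST plus a separate `GET /admin`, and the hardened policy refuses the stream; that difference is the desync a front end and an unpatched Twisted Web would have on the same bytes.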

Exploit

Fix

HTTP Request/Response Smuggling

RCE


Weakness Enumeration

Related identifiers

AZL-6819
BDU:2020-05644
CESA-2020_1561
CESA-2020_1962
CVE-2020-10108
DLA-2145-1
DLA-2145-2
DLA-2927-1
GHSA-H96W-MMRF-2H6V
MGASA-2020-0428
OPENSUSE-SU-2024:11041-1
PYSEC-2020-259
RHSA-2020:1561
RHSA-2020:1962
RHSA-2020_1561
RHSA-2020_1962
SUSE-SU-2022:2811-1
SUSE-SU-2022:4074-1
SUSE-SU-2022_2811-1
USN-4308-1
USN-4308-2

Affected products

Astra Linux
CentOS
Red Hat
RED OS
SUSE
Twisted Web
Ubuntu