Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xc8x-vp79-p3wm

Опубликовано: 25 окт. 2023
Источник: github
Github: Прошло ревью
CVSS4: 6.9
CVSS3: 5.3

Описание

twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

Details

There's an example faulty program:

from twisted.internet import reactor, endpoints from twisted.web import server from twisted.web.proxy import ReverseProxyResource from twisted.web.resource import Resource class Second(Resource): isLeaf = True def render_GET(self, request): return b'SECOND\n' class First(Resource): isLeaf = True def render_GET(self, request): def send_response(): request.write(b'FIRST DELAYED\n') request.finish() reactor.callLater(0.5, send_response) return server.NOT_DONE_YET root = Resource() root.putChild(b'second', Second()) root.putChild(b'first', First()) endpoint = endpoints.TCP4ServerEndpoint(reactor, 8080) endpoint.listen(server.Site(root)) reactor.run()

When two requests for /first and /second are sent in the same order, the second request will be responded to first.

echo -en "GET /first HTTP/1.1\r\nHost: a\r\n\r\nGET /second HTTP/1.1\r\nHost: a\r\n\r\n" | nc localhost 8080

Ссылки

Пакеты

Наименование

Twisted

pip
Затронутые версииВерсия исправления

< 23.10.0rc1

23.10.0rc1

EPSS

Процентиль: 70%
0.00645
Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2023-46137

Дефекты

CWE-444

Связанные уязвимости

ubuntu логотип

CVE-2023-46137

CVSS3: 5.3
ubuntu
около 2 лет назад

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

redhat логотип

CVE-2023-46137

CVSS3: 5.3
redhat
около 2 лет назад

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

nvd логотип

CVE-2023-46137

CVSS3: 5.3
nvd
около 2 лет назад

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

msrc логотип

CVE-2023-46137

CVSS3: 5.3
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-46137

CVSS3: 5.3
debian
около 2 лет назад

Twisted is an event-based framework for internet applications. Prior t ...

EPSS

Процентиль: 70%
0.00645
Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2023-46137

Дефекты

CWE-444