Описание
ELSA-2020-1962: python-twisted-web security update (IMPORTANT)
[8.2.0-7]
- Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz#1813439
- Remove useless macros definitions
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
python-twisted-web
8.2.0-6.el6_10
Oracle Linux i686
python-twisted-web
8.2.0-6.el6_10
Связанные CVE
Связанные уязвимости
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...