Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. This flaw impacts the system differently based on the type of application and the infrastructure.
Statement
OpenShift Container Platform 4.3 and later includes python-twisted as a dependency of python-prometheus_client in Ironic container images, however the affected code is not used.
Red Hat OpenStack Platform packages the flawed code, however python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package.
Red Hat Satellite uses affected versions of the python-twisted and python-twisted-web modules in Pulp; however, it is not vulnerable, since the HTTP module of the web implementation is not exposed in the product. Red Hat Satellite may update python-twisted and python-twisted-web in the future.
This issue affects the version of python-twisted (embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.
Mitigation
When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.
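The description above (two Content-Length headers, the first ignored, a zero second value turning the body into a pipelined request) and the mitigation (one request per back-end connection) both come down to how a server frames the request body. As an added illustration that is not Twisted's code and not part of this advisory, the stand-alone Python parser below applies the framing rules a back-end should follow (RFC 7230 section 3.3.3): conflicting Content-Length values are rejected instead of one being picked, Content-Length next to Transfer-Encoding is rejected, and any bytes beyond the declared body are treated as an error rather than as a second request. The request bytes, host name and function names are all constructed for this example.

```python
"""Strict HTTP/1.1 request-framing check (added example, not Twisted code).

A parser that refuses ambiguous framing cannot be driven out of sync with a
front-end proxy the way the advisory describes. All sample requests below are
constructed for this example.
"""
from __future__ import annotations

import re

# RFC 7230 section 3.3.2: Content-Length = 1*DIGIT (plain decimal only).
_CONTENT_LENGTH_RE = re.compile(rb"^[0-9]+$")


class FramingError(ValueError):
    """Raised when the request's message framing is ambiguous or invalid."""


def parse_headers(raw: bytes) -> tuple[bytes, list[tuple[bytes, bytes]], bytes]:
    """Split a raw request into (request line, [(name, value)], remaining bytes)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("header block not terminated")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise FramingError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, rest


def body_length(headers: list[tuple[bytes, bytes]]) -> int:
    """Return the single unambiguous Content-Length, or raise FramingError.

    * Transfer-Encoding together with Content-Length is rejected outright;
      a proxy may have framed the message by the other header.
    * Several Content-Length values are accepted only if they are identical.
    * Each value must be a plain decimal integer.
    """
    has_te = any(name == b"transfer-encoding" for name, _ in headers)
    has_cl = any(name == b"content-length" for name, _ in headers)
    if has_te and has_cl:
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if has_te:
        # Chunked framing is out of scope for this example.
        raise NotImplementedError("chunked bodies are not handled here")
    values = set()
    for name, value in headers:
        if name == b"content-length":
            # One header may also carry a comma-separated list ("6, 6").
            for part in value.split(b","):
                part = part.strip()
                if not _CONTENT_LENGTH_RE.match(part):
                    raise FramingError("invalid Content-Length %r" % part)
                values.add(int(part))
    if len(values) > 1:
        raise FramingError("conflicting Content-Length values %s" % sorted(values))
    return values.pop() if values else 0


def check_request(raw: bytes) -> tuple[bytes, bytes]:
    """Validate framing and return (request line, body) for exactly one request.

    Bytes beyond the declared body are an error, not a pipelined request:
    this mirrors the one-request-per-connection mitigation, so a mismatch
    with the front-end's view of the message boundary is surfaced instead
    of being parsed as a second request.
    """
    request_line, headers, rest = parse_headers(raw)
    length = body_length(headers)
    if len(rest) != length:
        raise FramingError("declared %d body bytes but received %d" % (length, len(rest)))
    return request_line, rest


def is_rejected(raw: bytes) -> bool:
    """True when check_request refuses the request as ambiguous or invalid."""
    try:
        check_request(raw)
    except FramingError:
        return True
    return False


# Constructed sample requests (example.test is a placeholder host).
GOOD_REQUEST = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 6\r\n\r\nabcdef")
# The shape from the advisory: a second Content-Length of zero.
CONFLICTING_CL = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 6\r\nContent-Length: 0\r\n\r\nabcdef")
# Duplicate but identical values are permitted by RFC 7230.
IDENTICAL_CL = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 6\r\nContent-Length: 6\r\n\r\nabcdef")
# Body longer than declared: would otherwise become a pipelined request.
TRAILING_BYTES = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 3\r\n\r\nabcdef")

if __name__ == "__main__":
    for label, req in [("good", GOOD_REQUEST), ("conflicting", CONFLICTING_CL),
                       ("identical", IDENTICAL_CL), ("trailing", TRAILING_BYTES)]:
        print(label, "rejected" if is_rejected(req) else "accepted")
```

The check runs on a complete buffered request, so it is suited to a front-end that forwards one request per connection; a streaming parser would apply the same header rules before reading the body.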
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Ceph Storage 2 | calamari-server | Will not fix | ||
Red Hat OpenShift Container Platform 4 | python-twisted | Will not fix | ||
Red Hat OpenStack Platform 10 (Newton) | python-twisted | Will not fix | ||
Red Hat OpenStack Platform 13 (Queens) | python-twisted | Will not fix | ||
Red Hat OpenStack Platform 16 (Train) | python-twisted | Will not fix | ||
Red Hat Satellite 6 | python-twisted | Will not fix | ||
Red Hat Satellite 6 | python-twisted-web | Will not fix | ||
Red Hat Enterprise Linux 6 | python-twisted-web | Fixed | RHSA-2020:1962 | 29.04.2020 |
Red Hat Enterprise Linux 7 | python-twisted-web | Fixed | RHSA-2020:1561 | 23.04.2020 |
Additional information
EPSS
CVSS3: 7.3 High