CVE-2020-10109

Published: 11 Mar 2020
Source: redhat
CVSS3: 7.3

Description

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

A flaw was found in python-twisted-web, where it does not correctly process HTTP requests that carry both Content-Length and Transfer-Encoding headers. When requests sent to or from python-twisted-web are also processed by another component that handles such requests correctly, for example a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. The impact on the system varies with the type of application and the infrastructure in use.

Report

Although Red Hat OpenStack Platform packages the flawed code, python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package. OpenShift Container Platform 4.3 and later includes python-twisted as a dependency of python-prometheus_client in Ironic container images; however, the affected code is not used. Red Hat Satellite uses affected versions of the python-twisted and python-twisted-web modules in Pulp; however, it is not vulnerable since the HTTP module of the web implementation is not exposed in the product. Red Hat Satellite may update python-twisted and python-twisted-web in the future. This issue affects the version of python-twisted (embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.

Mitigation

When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.
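A complementary control on the front-end side is to refuse any request whose body framing is ambiguous before it is forwarded. The following guard is an added example, not code from Twisted or Red Hat; the host name and the sample requests are constructed for the demonstration.

```python
"""Front-end framing guard for requests forwarded to python-twisted-web.

Added example: a proxy or WAF in front of an affected server should reject
requests carrying both Content-Length and Transfer-Encoding, since the two
components may disagree on where the body ends (CVE-2020-10109).
"""
from typing import List, Tuple


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request into its request line and lower-cased header pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def framing_verdict(raw: bytes) -> str:
    """Return 'ok' or a rejection reason for the request's body framing."""
    _, headers = parse_head(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    if cl and te:
        # The CVE-2020-10109 case: Twisted honoured Content-Length, while a
        # front-end honouring Transfer-Encoding would frame the body differently.
        return "reject: both Content-Length and Transfer-Encoding present"
    if len(set(cl)) > 1:
        return "reject: conflicting Content-Length values"
    if any(not v.isdigit() for v in cl):
        return "reject: non-numeric Content-Length"
    if te and te[-1].split(",")[-1].strip().lower() != "chunked":
        return "reject: Transfer-Encoding does not end with chunked"
    return "ok"


# Constructed sample requests (hypothetical host, not captured traffic).
SAMPLES = {
    "plain": b"POST /submit HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello",
    "chunked": (b"POST /submit HTTP/1.1\r\nHost: app.example\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"),
    "ambiguous": (b"POST /submit HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:10s} -> {framing_verdict(req)}")
```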

Affected packages

Platform                                 | Package            | State                 | Recommendation  | Release
Red Hat Ceph Storage 2                   | calamari-server    | Will not fix          |                 |
Red Hat Enterprise Linux 6               | python-twisted-web | Not affected          |                 |
Red Hat OpenShift Container Platform 4   | python-twisted     | Will not fix          |                 |
Red Hat OpenStack Platform 10 (Newton)   | python-twisted     | Out of support scope  |                 |
Red Hat OpenStack Platform 13 (Queens)   | python-twisted     | Will not fix          |                 |
Red Hat OpenStack Platform 16 (Train)    | python-twisted     | Will not fix          |                 |
Red Hat Satellite 6                      | python-twisted     | Will not fix          |                 |
Red Hat Satellite 6                      | python-twisted-web | Will not fix          |                 |
Red Hat Enterprise Linux 7               | python-twisted-web | Fixed                 | RHSA-2020:1561  | 23.04.2020


Additional information

Status: Important
Defect: CWE-20 -> CWE-444
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1813447 (python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header)

CVSS3: 7.3 (High)

Related vulnerabilities

- ubuntu, CVSS3: 9.8, more than 5 years ago: same description as the Twisted Web entry above.
- nvd, CVSS3: 9.8, more than 5 years ago: same description as the Twisted Web entry above.
- msrc, CVSS3: 9.8, almost 4 years ago: no description available.
- debian, CVSS3: 9.8, more than 5 years ago: "In Twisted Web through 19.10.0, there was an HTTP request splitting vu ..." (truncated on the page).
- suse-cvrf, almost 3 years ago: Security update for python-Twisted.
