Описание
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 17.9.0-2ubuntu0.1 |
| devel | released | 18.9.0-6ubuntu1 |
| eoan | released | 18.9.0-3ubuntu1.1 |
| esm-infra-legacy/trusty | not-affected | 13.2.0-1ubuntu1.2+esm1 |
| esm-infra/bionic | not-affected | 17.9.0-2ubuntu0.1 |
| esm-infra/xenial | not-affected | 16.0.0-1ubuntu0.4 |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | released | 13.2.0-1ubuntu1.2+esm1 |
| upstream | needs-triage |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3