Important: python-twisted-web

🗓️ 03 Jun 2020 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 51 Views

Twisted Web HTTP request splitting vulnerability with double content-length header

Reporter	Title	Published	Views	Family All 111
FreeBSD	py-twisted -- multiple vulnerabilities	1 Mar 201900:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)	21 May 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-twisted-web (ALAS-2020-1372)	4 Jun 202000:00	–	nessus
Tenable Nessus	CentOS 7 : python-twisted-web (RHSA-2020:1561)	1 May 202000:00	–	nessus
Tenable Nessus	CentOS 6 : python-twisted-web (RHSA-2020:1962)	1 May 202000:00	–	nessus
Tenable Nessus	Debian DLA-2145-2 : twisted security update	18 Mar 202000:00	–	nessus
Tenable Nessus	Debian DLA-2927-1 : twisted - LTS security update	19 Feb 202200:00	–	nessus
Tenable Nessus	Fedora 31 : python-twisted (2020-16dc0da400)	26 Mar 202000:00	–	nessus
Tenable Nessus	FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)	22 Apr 202000:00	–	nessus
Tenable Nessus	GLSA-202007-24 : Twisted: Access restriction bypasses	27 Jul 202000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	i686	python26-twisted-web	8.2.0-6.6.amzn1	python26-twisted-web-8.2.0-6.6.amzn1.i686.rpm
Amazon Linux	1	x86_64	python26-twisted-web	8.2.0-6.6.amzn1	python26-twisted-web-8.2.0-6.6.amzn1.x86_64.rpm
Amazon Linux	1	i686	python27-twisted-web	8.2.0-6.6.amzn1	python27-twisted-web-8.2.0-6.6.amzn1.i686.rpm
Amazon Linux	1	x86_64	python27-twisted-web	8.2.0-6.6.amzn1	python27-twisted-web-8.2.0-6.6.amzn1.x86_64.rpm

03 Jun 2020 00:00Current

8.8High risk

Vulners AI Score8.8

CVSS 27.5

CVSS 3.19.8

EPSS0.02324

twisted web http request splitting content-length vulnerability update cve-2020-10108 red hat