Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-46137HistoryOct 25, 2023 - 9:15 p.m.
CVE-2023-46137
2023-10-2521:15:10
Debian Security Bug Tracker
security-tracker.debian.org
9
twisted
framework
asynchronous
http requests
manipulated response order
http pipeline
security issue
fixed patch
cve-2023-46137
unix}
.
0.0005 Low
EPSS
Percentile
15.9%
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | twisted | <= 22.4.0-4 | twisted_22.4.0-4_all.deb |
| Debian | 11 | all | twisted | <= 20.3.0-7+deb11u1 | twisted_20.3.0-7+deb11u1_all.deb |
| Debian | 10 | all | twisted | <= 18.9.0-3+deb10u1 | twisted_18.9.0-3+deb10u1_all.deb |
| Debian | 999 | all | twisted | < 23.10.0-1 | twisted_23.10.0-1_all.deb |
| Debian | 13 | all | twisted | < 23.10.0-1 | twisted_23.10.0-1_all.deb |
Related
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Twisted (SUSE-SU-2023:4608-1)
2023-11-29 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : python3-Twisted (SUSE-SU-2023:4607-1)
2023-11-29 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-twisted) (RHSA-2024:1516)
2024-03-26 00:00:00
osv
osv
twisted.web has disordered HTTP pipeline response
2023-10-25 21:15:13
CVE-2023-46137
2023-10-25 21:15:10
PYSEC-2023-224
2023-10-25 21:15:00
redhat
redhat
redhatcve
redhatcve
CVE-2023-46137
2023-10-26 15:59:37
openvas
openvas
openSUSE: Security Advisory for python (SUSE-SU-2023:4490-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2023:4608-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for python3 (SUSE-SU-2023:4607-1)
2024-03-04 00:00:00
veracode
veracode
HTTP Request Smuggling
2023-10-26 07:40:15
cvelist
cvelist
CVE-2023-46137 twisted.web has disordered HTTP pipeline response
2023-10-25 20:56:27
ibm
ibm
github
github
twisted.web has disordered HTTP pipeline response
2023-10-25 21:15:13
prion
prion
Design/Logic Flaw
2023-10-25 21:15:00
ubuntucve
ubuntucve
CVE-2023-46137
2023-10-25 00:00:00
cve
cve
CVE-2023-46137
2023-10-25 21:15:10
ubuntu
ubuntu
Twisted vulnerabilities
2024-01-10 00:00:00