CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.5%
Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks (CVE-2020-10108, CVE-2020-10109).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | python-twisted | < 19.2.1-1.2 | python-twisted-19.2.1-1.2.mga7 |
access.redhat.com/errata/RHSA-2020:1561
bugs.mageia.org/show_bug.cgi?id=26355
know.bishopfox.com/advisories/twisted-version-19.10.0
lists.fedoraproject.org/archives/list/[email protected]/thread/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
ubuntu.com/security/notices/USN-4308-1
www.debian.org/lts/security/2020/dla-2145
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.5%