31 matches found
MiracleLinux 7 : python-twisted-web-12.1.0-7.el7 (AXSA:2020-025:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-025:01 advisory. python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 python-twisted: HTTP request smuggling when...
Linux Distros Unpatched Vulnerability : CVE-2019-12387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...
Oracle Linux 7 : python-twisted-web (ELSA-2020-1091)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1091 advisory. 12.1.0-6 - Fix CVE-2019-12387 HTTP Header Injection Resolves: rhbz1721518 Tenable has extracted the preceding description block directly from the Oracle Linux...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2022:4074-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4074-1 advisory. - CVE-2022-39348: Fixed NameVirtualHost Host header injection bsc1204781. Tenable has extracted the preceding description block...
Ubuntu: Security Advisory (USN-4308-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Twisted Web < 19.2.1 Character Injection Vulnerability
Twisted Web is prone to a character injection vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
Mageia: Security Advisory (MGASA-2019-0360)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2019:2066-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0078)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...
Photon OS 2.0: Python PHSA-2020-2.0-0260
An update of the python package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0260. The text itself is copyright (C) VMware, Inc. ...
FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)
Twisted developers report: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces...
Scientific Linux Security Update : python-twisted-web on SL7.x x86_64 (20200407)
python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods. (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. ...
RHEL 7 : python-twisted-web (RHSA-2020:1091)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1091 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted...
Moderate: Red Hat Security Advisory: python-twisted-web security update
An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Ubuntu: Security Advisory (USN-4308-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Updated python-twisted packages fix security vulnerabilities
Updated python-twisted packages fix security vulnerabilities: Improper sanitization of URIs or HTTP which could allow attackers to perform CRLF attacks (CVE-2019-12387). In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS,...
Fedora 29 : python-twisted (2019-b67877d7c2)
Fix CVE-2019-12387 rhbz1719503 rhbz1719501 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenab...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2019:2066-1)
This update for python-Twisted fixes the following issue: Security issue fixed: CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perform CRLF attacks bsc1137825. Note that Tenable Network Security has extracted the preceding description block...
SUSE-SU-2019:2066-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perform CRLF attacks bsc1137825...
openSUSE: Security Advisory for python-Twisted (openSUSE-SU-2019:1760-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...