10 matches found
Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response, allowing HTML and script injection. CVE-2022-39348...
SUSE: Security Advisory (SUSE-SU-2022:4057-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:4000-1)
The remote host is missing an update for the...
Twisted vulnerable to NameVirtualHost Host header injection
...
Cross-Site Scripting (XSS)
Twisted is vulnerable to cross-site scripting. The vulnerability is due to the function getResourceForRequest in vhost.py. When the host header does not match the configured twisted.web.vhost.NameVirtualHost, the 404 page will render the header, allowing an attacker to inject and execute HTML and...
Twisted vulnerable to NameVirtualHost Host header injection
When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...
GHSA-VG46-2RRJ-3647 Twisted vulnerable to NameVirtualHost Host header injection
When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...
CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.28-alt1
Oct. 10, 2017 Anton Farygin 1:2.4.28-alt1 - new version 2.4.28 - disabled NameVirtualHost directive in portsall.conf closes: 32269 - increased timeout for restarting httpd on SysVinit systems closes: 31062 - increased LOOPSSTART and TimeoutStartSec closes: 33978 - fixes: CVE-2017-9798 Corrupted or...
Security fix for the ALT Linux 9 package apache2 version 2.2.4-alt31
July 5, 2007 Aleksey Avdeev 2.2.4-alt31 - Using Fedora Project patches for security fixes: + CVE-2006-5752 apache2-2.2.3-fedora-fix-CVE-2006-5752.patch + CVE-2007-1863 apache2-2.2.3-fedora-fix-CVE-2007-1863.patch + CVE-2007-3304 apache2-2.2.4-alt-fix-CVE-2007-3304.0.1.patch...