109 matches found
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...
SUSE CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
SUSE CVE-2022-39348
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
CVE-2022-39348
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
Code injection
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
PT-2022-7596
Name of the Vulnerable Software and Affected Versions Twisted versions 0.9.4 through 22.10.0rc1 Description The issue is related to the Twisted event-based framework for internet applications. When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a...
CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...
Vulnerability of functions twited.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent in the Twisted web framework, allowing attackers to access confidential data
The vulnerability of the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions in the Twisted web framework relates to the disclosure of cookies and authentication headers during redirects between sources. Exploiting this vulnerability allows a remote attacker to gain acces...
The vulnerability of SSH clients and server-side networking frameworks like Twisted involves buffer copying without input data validation, allowing attackers to cause service failures.
The vulnerability of SSH clients and server-side networking frameworks like Twisted relates to the ability to accept an infinite number of data entries for the SSH version identifier. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
Amazon Linux 2 : python-twisted-web (ALAS-2022-1827)
The version of python-twisted-web installed on the remote host is prior to 12.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1827 advisory. A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the...
SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2022:2297-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2297-1 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server...
PYSEC-2022-195
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
PYSEC-2022-195
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
CVE-2022-24801 HTTP Request Smuggling in twisted.web
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
DEBIAN-CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
Design/Logic Flaw
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
UBUNTU-CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
PYSEC-2022-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
CVE-2022-21716 Buffer Overflow in Twisted
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
Cookie and header exposure in twisted
...