245 matches found
USN-4308-1 twisted vulnerabilities
it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...
USN-4308-1: Twisted vulnerabilities
it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...
Debian: Security Advisory (DLA-2145-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2145-2 : twisted security update
It was discovered that there were was a regression introduced in DLA-2145-1 due to the incorrect application of the upstream patch for CVE-2020-10108 & CVE-2020-10109 regarding a number of HTTP request splitting vulnerabilities in Twisted, an Python event-based framework for building various type...
Security fix for the ALT Linux 9 package squid version 4.10-alt1
4.10-alt1 built March 16, 2020 Alexey Shabalin in task 247850 --- March 14, 2020 Alexey Shabalin - Updated to 4.10. - Fixes: + CVE-2019-12526 Heap Overflow issue in URN processing. + CVE-2019-12523 Multiple issues in URI processing. + CVE-2019-18676 Multiple issues in URI processing. +...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)
This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...
SUSE-SU-2020:0661-1 Security update for squid
This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in...
CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
AZL-6819 CVE-2020-10108 affecting package python-twisted for versions less than 22.2.0-1
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
Cross site request forgery (csrf)
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
PYSEC-2020-259
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
PYSEC-2020-260
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
Cross site request forgery (csrf)
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
CVE-2020-10108
CVE-2020-10108 affects Twisted Web up to 19.10.0, causing an HTTP request splitting vulnerability when two Content-Length headers are present; if the second Content-Length is zero, the request body can be interpreted as a pipelined request. Connected advisories confirm this issue across multiple ...
CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...
CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request...