Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)

The version of python-twisted-web installed on the remote host is prior to 12.1.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1428 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a...

Important: python-twisted-web

Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. CVE-2020-10109 In...

CentOS 7 : python-twisted-web (RHSA-2020:1561)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1561 advisory. - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the fir...

CentOS: Security Advisory for python-twisted-web (CESA-2020:1561)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS 6 : python-twisted-web (RHSA-2020:1962)

The remote CentOS Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header...

Oracle Linux 6 : python-twisted-web (ELSA-2020-1962)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1962 advisory. - Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz1813439 Tenable has extracted the preceding description...

Scientific Linux Security Update : python-twisted-web on SL6.x i386/x86_64 (20200429)

Security Fixes : - python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid136162; scriptversion"1.3";...

Important: Red Hat Security Advisory: python-twisted-web security update

An update for python-twisted-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

python-twisted: HTTP request smuggling when presented with two Content-Length headers

A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example,...

RHEL 6 : python-twisted-web (RHSA-2020:1962)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted...

Scientific Linux Security Update : python-twisted-web on SL7.x x86_64 (20200423)

Security Fixes : - python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 - python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header CVE-2020-10109 C Tenable Network Security, Inc. The...

Oracle Linux 7 : python-twisted-web (ELSA-2020-1561)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1561 advisory. - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnderabilities Resolves: rhbz1813439 rhbz1813447 Tenable has extracted the...

python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header

A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a...

python-twisted: HTTP request smuggling when presented with two Content-Length headers

A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example,...

RHEL 7 : python-twisted-web (RHSA-2020:1561)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1561 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using...

Scientific Linux Security Update : python-twisted-web on SL7.x x86_64 (20200407)

python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid135832; scriptversion"1.3"; scriptsetattributeattribute:"pluginmodificationdate",...

CentOS 7 : python-twisted-web (RHSA-2020:1091)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1091 advisory. - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

RHEL 7 : python-twisted-web (RHSA-2020:1091)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1091 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted...

[SECURITY] Fedora 31 Update: python-twisted-19.2.1-6.fc31

Twisted is a networking engine written in Python, supporting numerous proto cols. It contains a web server, numerous chat clients, chat servers, mail servers and more...

Fedora 31 : python-twisted (2020-16dc0da400)

Security fix for CVE-2020-10108 1813439, 1813441 Security fix for CVE-2020-10109 1813447, 1813449 ---- Own %pythonXsitelib/twisted/plugins Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...