52 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0118)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...
NewStart CGSL MAIN 4.05 : python-twisted-web Vulnerability (NS-SA-2020-0054)
The remote NewStart CGSL host, running version MAIN 4.05, has python-twisted-web packages installed that are affected by a vulnerability: - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first heade...
Amazon Linux AMI : python-twisted-web (ALAS-2020-1372)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1372 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set ...
Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)
The version of python-twisted-web installed on the remote host is prior to 12.1.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1428 advisory. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a...
Important: python-twisted-web
Issue Overview: In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. (CVE-2020-10109) In...
CentOS: Security Advisory for python-twisted-web (CESA-2020:1561)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CentOS 6 : python-twisted-web (RHSA-2020:1962)
The remote CentOS Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. - In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header...
Oracle Linux 6 : python-twisted-web (ELSA-2020-1962)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1962 advisory. - Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz1813439 Tenable has extracted the preceding description...
Scientific Linux Security Update : python-twisted-web on SL6.x i386/x86_64 (20200429)
Security Fixes: - python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(136162); script_version("1.3");...
Important: Red Hat Security Advisory: python-twisted-web security update
An update for python-twisted-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 6 : python-twisted-web (RHSA-2020:1962)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1962 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted...
Oracle Linux 7 : python-twisted-web (ELSA-2020-1561)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1561 advisory. - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnerabilities Resolves: rhbz1813439 rhbz1813447 Tenable has extracted the...
Scientific Linux Security Update : python-twisted-web on SL7.x x86_64 (20200423)
Security Fixes: - python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108) - python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header (CVE-2020-10109) (C) Tenable Network Security, Inc. The...
python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header
A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a...
python-twisted: HTTP request smuggling when presented with two Content-Length headers
A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example,...
RHEL 7 : python-twisted-web (RHSA-2020:1561)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1561 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using...
Scientific Linux Security Update : python-twisted-web on SL7.x x86_64 (20200407)
python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(135832); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date",...
CentOS 7 : python-twisted-web (RHSA-2020:1091)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1091 advisory. - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...
RHEL 7 : python-twisted-web (RHSA-2020:1091)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1091 advisory. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted...
CVE-2020-10109
A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a...