CVE-2020-10109
Published: August 31, 2023
Last modified: August 31, 2023
Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
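The check a server or proxy can apply to the header combination described above, as an added example (not Twisted's code; the function and sample names are hypothetical). It rejects a request that carries both headers, which RFC 7230 section 3.3.3 says ought to be handled as an error, and also rejects conflicting Content-Length values and malformed header names.

```python
# Added example: strict request-framing check. Function and sample names are
# hypothetical and are not Twisted APIs.

def parse_headers(raw: bytes):
    """Return (name, value) pairs from the head of a raw HTTP/1.1 request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        # Whitespace around the name (or a folded line) hides headers from
        # one parser but not another, so treat it as malformed.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return headers


def framing_decision(raw: bytes) -> str:
    """Return 'chunked', 'length:<n>', 'none' or 'reject:<reason>'."""
    try:
        headers = parse_headers(raw)
    except ValueError as exc:
        return f"reject:{exc}"
    lengths = {v for n, v in headers if n == b"content-length"}
    encodings = [v.lower() for n, v in headers if n == b"transfer-encoding"]
    if lengths and encodings:
        return "reject:content-length with transfer-encoding"
    if len(lengths) > 1:
        return "reject:conflicting content-length values"
    if encodings:
        ok = encodings == [b"chunked"]
        return "chunked" if ok else "reject:unsupported transfer-encoding"
    if lengths:
        value = lengths.pop()
        return f"length:{int(value)}" if value.isdigit() else "reject:invalid content-length"
    return "none"


# Constructed sample (not captured traffic): both framing headers present.
SAMPLE_BOTH = (
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"5\r\nhello\r\n0\r\n\r\n"
)

if __name__ == "__main__":
    print(framing_decision(SAMPLE_BOTH))
```

A "reject" result maps to a 400 response and closing the connection, so no bytes after the header block are parsed as a further request.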
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack Vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | py3-twisted | Not affected (22.10.0-r1) |
Alpaquita Linux | Stream | py3-twisted | Not affected (22.10.0-r3) |
References
- https://know.bishopfox.com/advisories
- https://know.bishopfox.com/advisories/twisted-version-19.10.0
- https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
- https://security.gentoo.org/glsa/202007-24
- https://usn.ubuntu.com/4308-1/
- https://usn.ubuntu.com/4308-2/