← Back

CVE-2020-10108

nvd nist
Published: Mar 12, 2020Modified: Nov 25, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Affected (11)

Products: Twisted: Twisted · Fedoraproject: Fedora · Debian: Debian Linux · +2 more
Show all products
Twisted: Twisted · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux · Oracle: Solaris, Zfs Storage Appliance Kit
Twisted
1 product
Twisted
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Oracle
2 products
Solaris
Zfs Storage Appliance Kit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Twisted
Up to 19.10.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 31
Fedora
Version 32
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.10
Configuration E
3 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Solaris
Version 10
Solaris
Version 11
Zfs Storage Appliance Kit
Version 8.8

Related CWEs

CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (18)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.