CVE-2019-12387
Description
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.531
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-12387 are fixed in Python-twisted 19.2.1 | Windows |
| Event-based framework for internet applications (USN-4308-1) python-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| (RHSA-2020:1091) python-twisted-web security update python-twisted-web-12.1.0-6.el7.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-12387 are fixed in Python-twisted for linux 19.2.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234