CVE-2020-10109
Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When a request carried both a Content-Length header and a chunked Transfer-Encoding header, the Content-Length took precedence and the remainder of the request body was interpreted as a pipelined request.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.518
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10108, CVE-2020-10109 are fixed in Python-twisted 20.3.0 | Windows |
| Linux kernel (0064-1) python-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_16.0.0-1ubuntu0.4_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_16.0.0-1ubuntu0.4_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| (RHSA-2020:1561) python-twisted-web security update python-twisted-web-12.1.0-7.el7_8.x86_64.rpm | Linux |
| Python-twisted-web update (ELSA-2020-1561) python-twisted-web-12.1.0-7.el7_8.x86_64.rpm | Linux |
| (CESA-2020:1561) python-twisted-web security update python-twisted-web-12.1.0-7.el7_8.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-10108, CVE-2020-10109 are fixed in Python-twisted for Linux 20.3.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234