Amazon Linux 2 Security Advisory: ALAS-2022-1827
Advisory Release Date: 2022-07-19 01:22 Pacific
Advisory Updated Date: 2022-07-20 22:25 Pacific
Severity: Important
References: CVE-2022-24801 

Issue Overview:

A flaw was found in python-twisted. The vulnerability is caused by the parsing of illegal constructs in the twisted.web.http module: a sign ('+' or '-') in the Content-Length header value, stray '\n' and '\t' characters, and similar non-conformant input. Such lenient parsing leads to a desync when requests pass through multiple HTTP parsers, which allows a remote attacker to perform an HTTP request smuggling attack. (CVE-2022-24801)
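To make the parsing point concrete, the following added example (not code from the advisory or from Twisted) models the two behaviours the overview contrasts. A lenient parser that hands the header value straight to Python's int() accepts a sign, surrounding whitespace such as '\t' or '\n', and even '_' digit separators; a conformant parser accepts only the 1*DIGIT form that RFC 9112 defines for Content-Length. Every value on which the two disagree is a framing disagreement that a chain of parsers could turn into a desync, so a front end should reject such values rather than forward them. The sample header values are constructed for illustration; the function names are this example's own.

```python
import re

# RFC 9112 defines Content-Length as 1*DIGIT: ASCII digits only, no sign,
# no surrounding whitespace, no internal separators. fullmatch() is used
# instead of match() with '$' because '$' also matches just before a
# trailing '\n', which would let "42\n" slip through.
_CONTENT_LENGTH_RE = re.compile(rb"[0-9]+")


def lenient_content_length(value: bytes):
    """Model of a permissive parser that passes the raw header value to int().

    int() tolerates a leading sign, leading/trailing whitespace (including
    '\\t' and '\\n') and '_' digit separators, so it agrees with a strict
    parser on b"42" but silently accepts values a strict peer rejects.
    Returns None when even int() refuses the value.
    """
    try:
        return int(value)
    except ValueError:
        return None


def strict_content_length(value: bytes):
    """Conformant parse: accept exactly 1*DIGIT, otherwise reject (None)."""
    if _CONTENT_LENGTH_RE.fullmatch(value) is None:
        return None
    return int(value)


def disagreements(values):
    """Return the header values on which the lenient and strict parsers differ.

    Each such value is a desync candidate: two parsers in the same request
    path would compute different body lengths. The defensive rule is to
    reject the request (400 and close the connection) instead of forwarding it.
    """
    return [v for v in values
            if lenient_content_length(v) != strict_content_length(v)]


# Constructed sample Content-Length values (illustrative, not from the advisory).
SAMPLES = [
    b"42",     # conformant: both parsers agree on 42
    b"+42",    # leading sign: int() reads 42, strict parser rejects
    b"-1",     # leading sign: int() reads -1, strict parser rejects
    b"42\n",   # trailing LF: int() strips it, strict parser rejects
    b"\t42",   # leading tab: int() strips it, strict parser rejects
    b"4_2",    # underscore separator: int() reads 42, strict parser rejects
    b"abc",    # both reject; no disagreement, no desync
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v!r:10} lenient={lenient_content_length(v)!s:5} "
              f"strict={strict_content_length(v)}")
    print("desync candidates:", disagreements(SAMPLES))
```

The strict parser is the one to run at every hop; where that is not possible, normalising or rejecting any Content-Length that fails the strict check at the outermost parser removes the framing disagreement before it reaches the next one.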


Affected Packages:

python-twisted-web


Issue Correction:
Run yum update python-twisted-web to update your system.

New Packages:
aarch64:
    python-twisted-web-12.1.0-8.amzn2.aarch64

i686:
    python-twisted-web-12.1.0-8.amzn2.i686

src:
    python-twisted-web-12.1.0-8.amzn2.src

x86_64:
    python-twisted-web-12.1.0-8.amzn2.x86_64