In Twisted Web up to and including 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twistedmatrix twisted |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 16.04 |
||
oracle solaris 11 |
||
oracle solaris 10 |
||
oracle zfs storage appliance kit 8.8 |