In Twisted Web up to and including 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twistedmatrix twisted |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 16.04 |