CVSSv3: 8.1

CVE-2022-24801

Published: 04/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in python-twisted. The vulnerability is caused by the parsing of illegal constructs in the twisted.web.http module: among them a '+' or '-' sign in the Content-Length header, as well as '\n' and '\t' characters, etc. Such non-conformant parsing leads to a desync when requests pass through multiple HTTP parsers that interpret the same bytes differently. This flaw allows a remote malicious user to perform an HTTP request smuggling attack. (CVE-2022-24801)

Affected Products

Twisted Matrix: Twisted

Debian: Debian Linux 9.0

Fedora Project: Fedora 35

Fedora Project: Fedora 36

Oracle: ZFS Storage Appliance Kit 8.8

Vendor Advisories

Debian Bug report logs - #1009030 twisted: CVE-2022-24801 - Inconsistent Interpretation of HTTP Requests. Package: src:twisted; Maintainer for src:twisted is Debian Python Team <team+python@tracker.debian.org>; Reported by: Neil Williams <codehelp@debian.org>; Date: Wed, 6 Apr 2022 10:21:02 UTC; Severity: important; Tag ...
Synopsis: Important: OpenShift Container Platform 4.9.54 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: python-twisted-web security update. Type/Severity: Security Advisory: Important. Topic: An update for python-twisted-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated th ...
A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass through multiple HTTP parsers. This flaw allows a remote attacker to perf ...
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP/1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multip ...
Arch Linux security tracker AVG-2663: python-twisted 21.7.0-4; Severity: Medium; Status: Vulnerable; FS#74362 ...
ALAS-2022-231 Amazon Linux 2022 Security Advisory: ALAS-2022-231. Advisory Release Date: 2022-12-06 16:42 Pacific ...