
CVE-2023-46137

Published: 25/10/2023 Updated: 02/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when multiple HTTP requests are sent in one TCP packet, twisted.web processes the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can deliberately delay its response to manipulate the response to the second request when a victim launches two requests using HTTP pipelining. Version 23.10.0rc1 contains a patch for this issue.
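The ordering problem described in the summary can be modelled in a few lines. This is an added example, not code from Twisted or its patch: it uses asyncio as a stand-in, and the paths, delays and function names are constructed for illustration. `serve_ordered` shows one way to keep responses in request order, as an assumption about the general remedy.

```python
import asyncio

# Constructed sample: two requests pipelined on one connection, with the time
# each handler takes. "/slow" stands in for the endpoint whose response timing
# is controlled by someone else.
PIPELINE = [("/slow", 0.05), ("/fast", 0.0)]

async def handle(path, delay):
    """Hypothetical handler: waits, then returns a body tied to its path."""
    await asyncio.sleep(delay)
    return f"body-for:{path}"

async def serve_unordered(requests):
    """Model of the flawed behaviour: each response is written when ready."""
    wire = []
    async def run(path, delay):
        wire.append(await handle(path, delay))
    await asyncio.gather(*(run(p, d) for p, d in requests))
    return wire

async def serve_ordered(requests):
    """Handlers still overlap, but responses are written in request order."""
    tasks = [asyncio.create_task(handle(p, d)) for p, d in requests]
    return [await t for t in tasks]

def client_view(requests, wire):
    """A pipelining client pairs the n-th response with the n-th request."""
    return {path: body for (path, _), body in zip(requests, wire)}

def mismatched(requests, wire):
    """Paths for which the client received a body meant for another request."""
    view = client_view(requests, wire)
    return [p for p, body in view.items() if body != f"body-for:{p}"]

def run_demo():
    unordered = asyncio.run(serve_unordered(PIPELINE))
    ordered = asyncio.run(serve_ordered(PIPELINE))
    return mismatched(PIPELINE, unordered), mismatched(PIPELINE, ordered)

if __name__ == "__main__":
    bad, good = run_demo()
    print("mismatched without ordering:", bad)
    print("mismatched with ordering:", good)
```

Because HTTP/1.1 responses carry no request identifier, the client has no way to notice the swap; only the server can prevent it by holding later responses until earlier ones are written.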

Vulnerable Product

twistedmatrix twisted

Vendor Advisories

Synopsis: Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat P ...
Debian Bug report logs - #1054913 twisted: CVE-2023-46137: Disordered HTTP pipeline response in twisted.web. Package: src:twisted; Maintainer for src:twisted is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 28 Oct 2023 14:51:01 UTC; Severity: impor ...

Github Repositories

Technology preview that show-cases Instana's tracing for Envoy

Instana Envoy Tracing Demo. This repository contains a technology preview for Instana's Envoy tracing functionality. Supported Versions: The distributed tracing is compatible with Envoy Proxy versions 1.15 and above. Prerequisites: A docker-compose installation running on your machine. This demo has been created and tested on Mac OS and RHEL with docker-compose and docker-mac

Instana tracing for NGINX demonstration

Instana NGINX Tracing Demo. This repository contains a demo for Instana's NGINX tracing functionality. Prerequisites: A docker-compose installation running on your machine. This demo has been created and tested on Mac OS X with docker-compose and docker-machine. Configure: Create a .env file in the root of the checked-out version of this repository and enter the following tex