ALAS-2020-1372 --- python-twisted-web, python26-twisted-web, python27-twisted-webID: oval:org.secpod.oval:def:1601136 | Date: (C)2020-06-11 (M)2023-11-10 |
Class: PATCH | Family: unix |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Platform: |
Amazon Linux AMI |
Product: |
python-twisted-web |
python26-twisted-web |
python27-twisted-web |