ALAS-2020-1372 --- python-twisted-web, python26-twisted-web, python27-twisted-web| ID: oval:org.secpod.oval:def:1601136 | Date: (C)2020-06-11 (M)2023-11-10 |
| Class: PATCH | Family: unix |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
| Platform: |
| Amazon Linux AMI |
| Product: |
| python-twisted-web |
| python26-twisted-web |
| python27-twisted-web |
