Description

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

Remediation

References

CVE-2019-12387

Related Vulnerabilities

phpMyFAQ Business Logic Errors Vulnerability (CVE-2023-1887)

Oracle JRE Cryptographic Issues Vulnerability (CVE-2012-2739)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Multiple Vulnerabilities (2.1.5)

WebLogic CVE-2020-14652 Vulnerability (CVE-2020-14652)

Oracle Database Server Other Vulnerability (CVE-2001-0942)

Severity

Medium

Classification

CVE-2019-12387 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities