Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-0806 Vulnerability (CVE-2011-0806)
Internet Information Services Other Vulnerability (CVE-1999-1148)
MySQL CVE-2013-2395 Vulnerability (CVE-2013-2395)
Python Numeric Errors Vulnerability (CVE-2010-1634)
WordPress Plugin Disqus Comment System Cross-Site Scripting (2.68)