Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Affiliate Platform Multiple Vulnerabilities (6.3.9)
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)
WordPress Plugin ShareYourCart Information Disclosure (1.6.1)
WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)