WEB APPLICATION VULNERABILITIES Standard & Premium

TwistedHTTP Request Splitting Vulnerability (CVE-2020-10109)

Description

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Remediation

References

Related Vulnerabilities

WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.9.4.6)

Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.10)

WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)

Jenkins Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2021-21615)

Severity

Critical

Classification

CVE-2020-10109 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities