Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Remediation
References
Related Vulnerabilities
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14)
Lighttpd Resource Management Errors Vulnerability (CVE-2010-0295)
WordPress Plugin Slideshow Gallery LITE Multiple Cross-Site Scripting Vulnerabilities (1.6.5)
WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.97)