SB2020031234 - Multiple vulnerabilities in Twisted Web

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2020-10108)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to an error when processing two Content-length headers, sent within one HTTP request that caused the request body to be interpreted as a pipelined request. A remote attacker can send a specially crafted HTTP request to the affected web server and posing HTTP cache or perform other attacks against web application.

2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2020-10109)

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to insufficient input validation when processing Content-length and a Chunked encoding header, sent within one HTTP request. The Content-length header took precedence and the remainder of the request body was interpreted as a pipelined request. A remote attacker can send a specially crafted HTTP request to the affected web server and poison HTTP cache or perform other attacks against web application.

Remediation

Install update from vendor's website.

References

• https://know.bishopfox.com/advisories
• https://know.bishopfox.com/advisories/twisted-version-19.10.0