English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2022-24801
Description:Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
Test IDs: 1.3.6.1.4.1.25623.1.1.12.2022.5576.1   1.3.6.1.4.1.25623.1.1.4.2022.1546.1   1.3.6.1.4.1.25623.1.1.10.2022.0168   1.3.6.1.4.1.25623.1.0.884234   1.3.6.1.4.1.25623.1.1.4.2022.1477.1   1.3.6.1.4.1.25623.1.0.854681   1.3.6.1.4.1.25623.1.0.892991  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-24801
https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html



© 1998-2025 E-Soft Inc. All rights reserved.