CVE-2019-12855
https://notcve.org/view.php?id=CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. La vulnerabilidad de tipo cross-site-scripting (XSS) en el servlet ctcprotocol/Protocol en SAP NetWeaver AS JAVA versión 7.3 permite a los atacantes remotos inyectar scripts web arbitrarios o HTML por medio del parámetro sessionID, también se conoce como Nota de Seguridad de SAP 2406783. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html https://github.com/twisted/twisted/pull/1147 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ https://twistedmatrix.com/trac/ticket/9561 https://usn.ubuntu.com/4308-1 https://usn.ubuntu.com/4308-2 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-295: Improper Certificate Validation •
CVE-2019-12387 – python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods
https://notcve.org/view.php?id=CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. En las versiones anteriores a 19.2.1. de Twisted, twisted.web no validó ni saneó los URIs o los métodos HTTP, permitiendo que un atacante inyecte caracteres no válidos tales como CRLF. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html https://usn.ubuntu.com/4308-1 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2016-1000111 – Twisted: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. Twisted versiones anteriores a la versión 16.3.1, no intenta abordar los conflictos de espacio de nombres RFC 3875 sección 4.1.18 y, por lo tanto, no protege las aplicaciones CGI de la presencia de datos de clientes no seguros en la variable de entorno HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar un tráfico HTTP saliente de una aplicación CGI hacia un servidor proxy arbitrario por medio de un encabezado Proxy especialmente diseñado en una petición HTTP, también se conoce como un problema "httpoxy". It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. • http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html https://twistedmatrix.com/trac/ticket/8623 https://www.openwall.com/lists/oss-security/2016/07/18/6 https://access.redhat.com/security/cve/CVE-2016-1000111 https://bugzilla.redhat.com/show_bug.cgi?id=1357345 • CWE-20: Improper Input Validation CWE-425: Direct Request ('Forced Browsing') •