Description
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Remediation
References
Related Vulnerabilities
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)
MediaWiki Improper Input Validation Vulnerability (CVE-2017-8815)
WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.5.1)
WordPress Plugin WP Activity Log PHP Object Injection (3.2.5)
Oracle Database Server CVE-2007-5514 Vulnerability (CVE-2007-5514)