CVE-2019-12387

MEDIUM EPSS 83.0%
Published Jun 10, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1

Description

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

CVSS Details

Base Score: 6.1
Exploitability: 2.8
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 83.0% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-74

Affected Products 8

Vendor         Product                     Version  Range
twisted        twisted                     *        <19.2.1
fedoraproject  fedora                      29       any
canonical      ubuntu_linux                14.04    any
canonical      ubuntu_linux                16.04    any
canonical      ubuntu_linux                18.04    any
canonical      ubuntu_linux                19.10    any
oracle         zfs_storage_appliance_kit   8.8      any
oracle         solaris                     11       any

References 9

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
    Broken Link
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
    Broken Link
  • github.com https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
    Patch, Third Party Advisory
  • labs.twistedmatrix.com https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
    Exploit, Release Notes, Vendor Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
  • twistedmatrix.com https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
    Exploit, Release Notes, Vendor Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4308-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4308-2/
    Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2020.html
    Patch, Third Party Advisory

Remediation

  • github.com https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
    Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2020.html
    Patch, Third Party Advisory