Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Twisted 安全漏洞
Vulnerability Description
Twisted是一款使用Python语言编写的事件驱动的开源网络引擎。 Twisted 16.3.1之前版本中存在安全漏洞,该漏洞源于程序没有解决RFC 3875 4.1.18章节的命名空间冲突,因此未能保护CGI应用程序免受HTTP_PROXY环境变量中不可信客户端数据的影响。远程攻击者可借助HTTP请求中特制的代理头利用该漏洞将CGI应用程序的出站HTTP流量重定向到任意代理服务器。
CVSS Information
N/A
Vulnerability Type
N/A