Home > Vulnerability Database > CVE-2020-7655

Mend.io Vulnerability Database

CVE-2020-7655

Good to know:

Date: May 21, 2020

netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks.

Language: Python

Severity Score

6.1

Related Resources (6)

Url: https://github.com/hivesolutions/netius

Url: https://github.com/advisories/GHSA-wm2m-xrrp-j74c

Url: https://github.com/pypa/advisory-database/tree/main/vulns/netius/PYSEC-2020-242.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-7655

Url: https://github.com/hivesolutions/netius/commit/9830881ef68328f8ea9c7901db1d11690677e7d1

Url: https://www.mend.io/vulnerability-database/CVE-2020-7655

Severity Score

6.1

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CWE-444

Top Fix

Upgrade Version

Upgrade to version netius - 1.17.58

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-7655

Good to know:

Date: May 21, 2020

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?