Lucene search
Veracode Vulnerability DatabaseVERACODE:22340HistoryJan 23, 2020 - 2:38 a.m.
HTTP Request Smuggling
2020-01-2302:38:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
56.7%
waitress is vulnerable HTTP request smuggling. The vulnerability exists as waitress would fold a double Content-Length header twice into a comma separated value, which then causes the value of Content-Length to be set to 0 when it tries to cast a comma-separated value to an integer. The body of the HTTP request is subsequently treated as a new HTTP request.
References
docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
lists.debian.org/debian-lts-announce/2022/05/msg00011.html
www.oracle.com/security-alerts/cpuapr2022.html
Related
osv
osv
Inconsistent Interpretation of HTTP Requests in Waitress
2022-05-24 17:07:06
PYSEC-2020-178
2020-01-22 19:15:00
HTTP Request Smuggling: Content-Length Sent Twice in Waitress
2019-12-20 23:04:35
nvd
nvd
CVE-2019-16792
2020-01-22 19:15:11
cvelist
cvelist
CVE-2019-16792 HTTP Request Smuggling: Content-Length Sent Twice in Waitress
2020-01-22 18:30:15
cve
cve
CVE-2019-16792
2020-01-22 19:15:11
prion
prion
Design/Logic Flaw
2020-01-22 19:15:00
debiancve
debiancve
CVE-2019-16792
2020-01-22 19:15:11
ubuntucve
ubuntucve
CVE-2019-16792
2020-01-22 00:00:00
github
github
Inconsistent Interpretation of HTTP Requests in Waitress
2022-05-24 17:07:06
nessus
nessus
openSUSE Security Update : python-waitress (openSUSE-2020-1911)
2020-11-17 00:00:00
openSUSE Security Update : python-waitress (openSUSE-2020-1922)
2020-11-17 00:00:00
Debian DLA-3000-1 : waitress - LTS security update
2022-05-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3269-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-3000-1)
2022-05-13 00:00:00
suse
suse
Security update for python-waitress (moderate)
2020-11-15 00:00:00
Security update for python-waitress (moderate)
2020-11-14 00:00:00
debian
debian
[SECURITY] [DLA 3000-1] waitress security update
2022-05-12 21:44:22
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00