CVE-2019-16792

Published: Jan 22, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Affected (3)

Products: Agendaless: Waitress · Oracle: Communications Cloud Native Core Network Function Cloud Native Environment · Debian: Debian Linux

1 product

1 product

Communications Cloud Native Core Network Function Cloud Native Environment

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agendaless Waitress	Up to 1.3.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Network Function Cloud Native Environment	Version 1.10.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (10)

https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes

Source: security-advisories@github.com

Release Notes

https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65

Source: security-advisories@github.com

Patch

https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6

Source: security-advisories@github.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: security-advisories@github.com

PatchThird Party Advisory

https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.