CVE-2024-1135

2024-04-1600:15:07

Debian Security Bug Tracker

security-tracker.debian.org

gunicorn

transfer-encoding

http request smuggling

security restrictions

cache poisoning

session manipulation

data exposure

vulnerability

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn’s handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.

OSVersionArchitecturePackageVersionFilename
Debian12allgunicorn<= 20.1.0-6gunicorn_20.1.0-6_all.deb
Debian11allgunicorn<= 20.1.0-1gunicorn_20.1.0-1_all.deb
Debian10allgunicorn<= 19.9.0-1gunicorn_19.9.0-1_all.deb
Debian999allgunicorn< 22.0.0-1gunicorn_22.0.0-1_all.deb
Debian13allgunicorn< 22.0.0-1gunicorn_22.0.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	gunicorn	<= 20.1.0-6	gunicorn_20.1.0-6_all.deb
Debian	11	all	gunicorn	<= 20.1.0-1	gunicorn_20.1.0-1_all.deb
Debian	10	all	gunicorn	<= 19.9.0-1	gunicorn_19.9.0-1_all.deb
Debian	999	all	gunicorn	< 22.0.0-1	gunicorn_22.0.0-1_all.deb
Debian	13	all	gunicorn	< 22.0.0-1	gunicorn_22.0.0-1_all.deb