aioHTTP < 3.10.11 Request Smuggling

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(211645);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2024-52304");
  script_xref(name:"IAVB", value:"2024-B-0180-S");

  script_name(english:"aioHTTP < 3.10.11 Request Smuggling");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by a request smuggling vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of aioHTTP installed on the remote host is prior to 3.10.11. It is, therefore, affected by a
request smuggling vulnerability. aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior 
to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request 
smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the 
usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling 
attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?344bc4e9");
  script_set_attribute(attribute:"solution", value:
"Upgrade to aioHTTP version 3.10.11 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-52304");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"asset_categories", value:"component");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:python:aioHTTP");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_packages_installed_nix.nbin");
  script_require_keys("Host/nix/packages", "Host/nix/Python/Packages/Enumerated");

  exit(0);
}

include('python.inc');

var pkg = 'aiohttp';
var cpe = 'cpe:/a:python:aioHTTP';

var libs = python::get_package_info(pkg_name:pkg, cpe:cpe);

if (empty_or_null(libs))
  audit(AUDIT_NOT_INST, pkg);

vcf::check_all_backporting(app_info:libs);

var constraints = [
  { 'fixed_version' : '3.10.11' }
];

vcf::check_version_and_report(app_info:libs, constraints:constraints, severity:SECURITY_HOLE);