USN-7115-1 Waitress vulnerabilities

🗓️ 19 Nov 2024 17:19:55Reported by GoogleType

osv🔗 osv.dev👁 5 Views

Waitress vulnerabilities on Ubuntu 24.04 and 24.10 allow crafted requests to cause extra processing and post-close socket writes, risking denial of service.

Reporter	Title	Published	Views	Family All 160
IBM Security Bulletins	Security Bulletin: Waitress WSGI Server Vulnerability: HTTP Pipelining Request Handling with Disabled Lookahead	1 Jul 202517:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024	26 Nov 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Time-of-check Time-of-use in python-waitress (CVE-2024-49768)	30 Dec 202517:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Waitress affects IBM Process Mining (CVE-2024-49768)	15 Apr 202503:15	–	ibm
Tenable Nessus	Amazon Linux 2023 : python3-waitress (ALAS2023-2024-773)	11 Dec 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: python-waitress (CVE-2024-49769)	22 Jan 202600:00	–	nessus
Tenable Nessus	Debian dla-3955 : python-waitress-doc - security update	16 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 41 : python-waitress (2024-157678aad0)	16 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 40 : mingw-python-waitress (2024-5abfdba2b7)	28 Nov 202400:00	–	nessus
Tenable Nessus	RHEL 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)	26 Nov 202400:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/notices/USN-7115-1
ubuntu	www.ubuntu.com/security/CVE-2024-49768
ubuntu	www.ubuntu.com/security/CVE-2024-49769

27 Apr 2026 17:34Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5 - 9.1

EPSS0.01524

SSVC