28 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-16789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, a...
CVE-2019-16789
creationtimestamp| type| source ---|---|--- 2024-03-17 11:41:32+00:00| seen| https://t.me/ctinow/209873...
Debian: Security Advisory (DLA-3000-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-16789
...
CVE-2020-16789
This CVE-2020-16789 entry is rejected/not used per the Initial Description.
SUSE: Security Advisory (SUSE-SU-2020:3269-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python-waitress (openSUSE-2020-1922)
This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
openSUSE Security Update : python-waitress (openSUSE-2020-1911)
This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
SUSE-SU-2020:3269-1 Security update for python-waitress
This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...
EulerOS Virtualization for ARM 64 3.0.6.0 : python-waitress (EulerOS-SA-2020-2049)
According to the versions of the python-waitress package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string valu...
EulerOS 2.0 SP8 : python-waitress (EulerOS-SA-2020-1879)
According to the versions of the python-waitress package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not...
Low: Red Hat Security Advisory: python-waitress security update
An update for python-waitress is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Fedora 31 : python-waitress (2020-65a7744e38)
Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and forma...
Fedora 30 : python-waitress (2020-bdcc8ffc24)
Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and forma...
MGASA-2020-0083 Updated python-waitress packages fix security vulnerabilities
Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...
GHSA-968F-66R5-5V74 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...
HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...
Debian: Security Advisory (DLA-2056-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-16789
Affected software: Waitress (Python WSGI server) up to version 1.4.0. Vulnerability arises when a front-end proxy sends requests with Transfer-Encoding containing invalid whitespace characters; Waitress may parse such requests as chunked while the front-end uses Content-Length, enabling HTTP requ...
CVE-2019-16789 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...