Astra Linux - vulnerability in waitress
Waitress version 1.3.1 allows for the smuggling of requests by sending the Content-Length header twice. Waitress would fold the two Content-Length headers together, and since it cannot convert the now comma-separated values into integers, it internally sets the Content-Length to 0. If two...
Astra Linux - vulnerability in waitress
Waitress, in version 1.3.1, implemented a “MAY” clause from RFC7230. This clause states: “Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.” Unfortunately, if a front-end...
RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
RHCOS 9 : OpenShift Container Platform 4.12.70 (RHSA-2024:10535)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10535 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...
Astra Linux - vulnerability in waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and earlier behind a proxy that does not properly validate whether the incoming HTTP requests comply with the RFC7230 standard, Waitress and the frontend proxy may disagree on where one reques...
Azure Linux 3.0 Security Update: python-waitress (CVE-2024-49769)
The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49769 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes t...
EUVD-2022-0358
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-16792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header an...
Linux Distros Unpatched Vulnerability : CVE-2019-16786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall...
Linux Distros Unpatched Vulnerability : CVE-2019-16789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and...
USN-7115-1 Waitress vulnerabilities
It was discovered that Waitress could process follow-up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2024-49768 Dylan Jay discovered th...
HTTP Request Smuggling (HRS)
Waitress is vulnerable to HTTP Request Smuggling (HRS). The vulnerability is due to improper handling of request lookahead and parsing in HTTP pipelining. When request lookahead is enabled, the server processes the first request, but due to a race condition, it may start handling the second request...
Denial Of Service (DoS)
Waitress is vulnerable to Denial of Service (DoS). The vulnerability is due to a race condition: if a remote client closes the connection before Waitress calls getpeername, an attacker can trigger a busy-loop in the server, causing it to repeatedly attempt writing to a non-existent sock...
SUSE CVE-2024-49769
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +266 more potentially affected by CVE-2024-49769 via waitress (>=0.8.10 <=3.0.0)
waitress PYPI version =0.8.10, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =1.0.2, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.1.7 and more Source cves: CVE-2024-49769 Source advisory: OSV:PYSEC-2024-211...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +212 more potentially affected by CVE-2024-49768 via waitress (>=2.0.0 <=3.0.0)
waitress PYPI version =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.0.4, =0.1.0 - brython-components =0.3.1 and more Source cves: CVE-2024-49768 Source advisory: OSV:PYSEC-2024-210...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +212 more potentially affected by CVE-2024-49768 via waitress (>=2.0.0 <=3.0.0)
waitress PYPI version =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.0.4, =0.1.0 - brython-components =0.3.1 and more Source cves: CVE-2024-49768 Source advisory: SNYK:PYTHON-WAITRESS-8309636...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +212 more potentially affected by CVE-2024-49768 via waitress (>=2.0.0 <=3.0.0)
waitress PYPI version =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.0.4, =0.1.0 - brython-components =0.3.1 and more Source cves: CVE-2024-49768 Source advisory: OSV:GHSA-9298-4CF8-G4WJ...
Missing Release of Resource after Effective Lifetime
Overview: waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes t...
aberoth-ephemeris (>=1.0.0 <=1.0.2), adop (>=0.0.1 <=0.0.4) +266 more potentially affected by CVE-2024-49769 via waitress (>=0.8.10 <=3.0.0)
waitress PYPI version =0.8.10, =1.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =1.1.0, =0.1.13, =1.0.2, =0.1.1, =0.0.1, =0.2.0, =0.1.1, =0.1.7 and more Source cves: CVE-2024-49769 Source advisory: OSV:GHSA-3F84-RPWH-47G6...