Lucene search
K

16 matches found

OpenVAS
OpenVAS
added 2022/05/13 12:0 a.m.23 views

Debian: Security Advisory (DLA-3000-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.8AI score0.02714EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2020:3269-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.5AI score0.02714EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2020/11/17 12:0 a.m.41 views

openSUSE Security Update : python-waitress (openSUSE-2020-1911)

This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

8.2CVSS6.3AI score0.02714EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2020/11/17 12:0 a.m.30 views

openSUSE Security Update : python-waitress (openSUSE-2020-1922)

This update for python-waitress to 1.4.3 fixes the following security issues : - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

8.2CVSS6.3AI score0.02714EPSS
Exploits1References8
OSV
OSV
added 2020/11/10 2:58 p.m.11 views

SUSE-SU-2020:3269-1 Security update for python-waitress

This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling bsc1161088. - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding bsc1161089. - CVE-2019-16789: HTTP request smuggling through...

8.2CVSS7.7AI score0.02714EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.36 views

EulerOS Virtualization for ARM 64 3.0.6.0 : python-waitress (EulerOS-SA-2020-2049)

According to the versions of the python-waitress package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string valu...

8.2CVSS6.5AI score0.02714EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.33 views

EulerOS 2.0 SP8 : python-waitress (EulerOS-SA-2020-1879)

According to the versions of the python-waitress package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not...

8.2CVSS6.5AI score0.02714EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/03/05 12:2 p.m.44 views

Low: Red Hat Security Advisory: python-waitress security update

An update for python-waitress is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.2CVSS6.6AI score0.02714EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/02/27 12:0 a.m.34 views

Fedora 31 : python-waitress (2020-65a7744e38)

Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and forma...

8.2CVSS6.3AI score0.02714EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/02/26 12:0 a.m.31 views

Fedora 30 : python-waitress (2020-bdcc8ffc24)

Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and forma...

8.2CVSS6.3AI score0.02714EPSS
Exploits1References4
OSV
OSV
added 2020/02/13 10:49 a.m.11 views

MGASA-2020-0083 Updated python-waitress packages fix security vulnerabilities

Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a...

8.2CVSS7.6AI score0.02714EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/01/15 7:39 p.m.28 views

CVE-2019-16786

An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the...

7.5CVSS0.4AI score0.02545EPSS
Exploits0References4
Veracode
Veracode
added 2019/12/27 2:11 a.m.28 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing special whitespace characters in the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message...

8.2CVSS1.2AI score0.02587EPSS
Exploits0References11Affected Software3
vulnersOsv
vulnersOsv
added 2019/12/20 11:15 p.m.6 views

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +9 more potentially affected by CVE-2019-16786 via waitress (>=0.8.10 <=1.3.0)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =0.9.6 - syncto =1.5.0 - toggl2pl =1.0.3 Source cves: CVE-2019-16786 Source advisory: OSV:PYSEC-2019-137...

7.5CVSS6.7AI score0.02545EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/12/20 11:4 p.m.5 views

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16786 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16786 Source advisory: OSV:GHSA-G2XC-35JW-C63P...

7.5CVSS6.7AI score0.02545EPSS
Exploits0
CVE
CVE
added 2019/12/20 11:0 p.m.313 views

CVE-2019-16786

Waitress (Python WSGI server) before version 1.4.0 exposed an HTTP request-smuggling vulnerability related to Transfer-Encoding. If a request’s Transfer-Encoding header was not finalised as chunked, Waitress could ignore the header and fall back to Content-Length, potentially allowing HTTP pipeli...

7.5CVSS7AI score0.02545EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder