Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2020/02/04 3:15 a.m.19 views

CVE-2020-5236

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...

6.8CVSS6.4AI score0.0262EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/02/04 3:15 a.m.3 views

chellow (>=2050.0.0 <=2243.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2020-5236 via waitress (>=0.8.10 <=1.4.2)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2020-5236 Source advisory: OSV:PYSEC-2020-155...

6.8CVSS6.5AI score0.0262EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/02/04 3:7 a.m.3 views

chellow (>=2234.0.0 <=2243.0.0), kinto-dist (=18.0.2) potentially affected by CVE-2020-5236 via waitress (=1.4.2)

waitress PYPI version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on waitress and may be impacted: - chellow =2234.0.0, =2243.0.0 - kinto-dist =18.0.2 Source cves: CVE-2020-5236 Source advisory: OSV:GHSA-73M2-3PWG-5FGC...

6.8CVSS6.5AI score0.0262EPSS
Exploits0
CVE
CVE
added 2020/02/04 3:5 a.m.120 views

CVE-2020-5236

CVE-2020-5236 affects the Python WSGI server waitress. A flaw in the regex used to validate incoming HTTP headers allows catastrophic backtracking when headers contain invalid characters (e.g., Bad-header: xxxxxxxxxxxxxxx\x10), causing the server to hit 100% CPU and deny service. The issue was in...

6.8CVSS5.8AI score0.0262EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder