2 matches found
RHEL 8 : python-waitress (RHSA-2020:0720)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0720 advisory. Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Security Fixes: HTTP request smuggling through LF vs CRLF handli...
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...