CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1156 matches found

OSV•added 2020/01/27 5:15 p.m.•2 views

UBUNTU-CVE-2020-7238

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

7.5CVSS6.9AI score0.01498EPSS

Exploits1References6

Prion•added 2020/01/27 5:15 p.m.•25 views

Design/Logic Flaw

5CVSS8.4AI score0.14994EPSS

Exploits2References18Affected Software4

Cvelist•added 2020/01/27 4:43 p.m.•19 views

CVE-2020-7238

8.6AI score0.01498EPSS

Exploits1References18

OpenVAS•added 2020/01/23 12:0 a.m.•292 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.9384EPSS

Exploits26References2

RedhatCVE•added 2020/01/15 7:39 p.m.•27 views

CVE-2019-16786

An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the...

7.5CVSS0.4AI score0.00795EPSS

Exploits0References4

Veracode•added 2019/12/27 2:11 a.m.•27 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing special whitespace characters in the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message...

8.2CVSS1.2AI score0.01002EPSS

Exploits0References11Affected Software3

OSV•added 2019/12/26 5:15 p.m.•1 views

DEBIAN-CVE-2019-16789

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

8.2CVSS6.2AI score0.01002EPSS

Exploits0References1

OSV•added 2019/12/26 5:15 p.m.•0 views

UBUNTU-CVE-2019-16789

8.2CVSS6.6AI score0.01002EPSS

Exploits0References5

PyPA•added 2019/12/26 5:15 p.m.•5 views

PYSEC-2019-138

8.2CVSS6.5AI score0.01002EPSS

Exploits0References7Affected Software1

OSV•added 2019/12/26 5:15 p.m.•2 views

PYSEC-2019-138

8.2CVSS7.1AI score0.01002EPSS

Exploits0References7

Debian CVE•added 2019/12/26 4:40 p.m.•26 views

CVE-2019-16789

8.2CVSS6.3AI score0.01002EPSS

Exploits0

OSV•added 2019/12/26 4:34 p.m.•0 views

GHSA-M5FF-3WJ3-8PH4 HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress

Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...

5.9AI score

Exploits0References2

Positive Technologies•added 2019/12/24 12:0 a.m.•5 views

PT-2019-6234 · Waitress +3 · Waitress +3

Name of the Vulnerable Software and Affected Versions: Waitress versions 1.4.0 and earlier Description: The issue is related to the incorrect handling of special whitespace characters in the Transfer-Encoding header, which can lead to HTTP request smuggling and potentially result in cache poisoni...

9.8CVSS7AI score0.9295EPSS

Exploits28References179

Veracode•added 2019/12/23 7:27 a.m.•58 views

HTTP Request Smuggling

waitress is vulnerable HTTP request smuggling. The vulnerability exists because the library mishandled HTTP request header by not correctly parsing the Transfer-Encoding header, causing the parser to use Content-Length header instead to determine the HTTP message body size, ignoring the requests...

7.5CVSS0.6AI score0.00795EPSS

Exploits0References10Affected Software3

Positive Technologies•added 2019/12/22 12:0 a.m.•4 views

PT-2019-5515 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.5 OpenWrt versions 19.0 through 19.07.0-rc2 Description: The issue is related to an integer signedness error in the uhttpd function of the OpenWrt embedded operating system, which can lead to out-of-boun...

7.8CVSS7.5AI score0.01117EPSS

Exploits0References6

OSV•added 2019/12/20 11:15 p.m.•2 views

DEBIAN-CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

7.5CVSS6.3AI score0.00795EPSS

Exploits0References1