
378 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in waitress

Waitress version 1.3.1 allows for the smuggling of requests by sending the Content-Length header twice. Waitress would fold the two Content-Length headers together, and since it cannot convert the now comma-separated values into integers, it internally sets the Content-Length to 0. If two...

CVSS 7.5 | AI score 6.6 | EPSS 0.00851
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/07 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1070e Security Update: python-waitress (UTSA-2026-016504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016504 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call...

CVSS 7.5 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/04 12:0 a.m., 7 views

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/04 12:0 a.m., 4 views

RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/04 12:0 a.m., 5 views

RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/04 12:0 a.m., 3 views

RHCOS 9 : OpenShift Container Platform 4.16.23 (RHSA-2024:9618)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9618 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/04 12:0 a.m., 4 views

RHCOS 9 : OpenShift Container Platform 4.15.39 (RHSA-2024:10145)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10145 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01524
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/04 12:0 a.m., 3 views

RHCOS 9 : OpenShift Container Platform 4.12.70 (RHSA-2024:10535)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10535 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

CVSS 9.1 | AI score 6.8 | EPSS 0.01524
Exploits: 0 | References: 6

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - vulnerability in waitress

In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...

CVSS 8.2 | AI score 6.6 | EPSS 0.00882
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - vulnerability in waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and earlier behind a proxy that does not properly validate whether the incoming HTTP requests comply with the RFC7230 standard, Waitress and the frontend proxy may disagree on where one reques...

CVSS 7.5 | AI score 7.1 | EPSS 0.00288
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux - vulnerability in waitress

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end serve...

CVSS 7.5 | AI score 6.8 | EPSS 0.01023
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in waitress

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

CVSS 7.5 | AI score 6.8 | EPSS 0.00795
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before Waitress has had the opportunity to call getpeername, Waitress will not properly clean up the connection. As a result, the main thread attempts to write to a socket that no long...

CVSS 7.5 | AI score 7.1 | EPSS 0.01524
Exploits: 0 | References: 2

Redos
added 2026/04/01 12:0 a.m., 4 views

ROS-20260401-73-0046

The vulnerability in the Python Waitress server is related to a flaw in HTTP request handling. Exploitation of the vulnerability allows a remote attacker to impact data integrity...

CVSS 7.5 | AI score 5.9 | EPSS 0.00288
Exploits: 0

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: python-waitress (CVE-2022-31015)

The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-31015 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and...

CVSS 6.5 | AI score 5.5 | EPSS 0.00483
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: python-waitress (CVE-2022-24761)

The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24761 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions...

CVSS 7.5 | AI score 5.6 | EPSS 0.00288
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: python-waitress (CVE-2024-49769)

The version of python-waitress installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49769 advisory. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes t...

CVSS 7.5 | AI score 5.6 | EPSS 0.01524
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/07 9:10 a.m., 4 views

CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...

CVSS 7.5 | AI score 6.3 | EPSS 0.00851
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/12/30 5:54 p.m., 8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Time-of-check Time-of-use in python-waitress (CVE-2024-49768)

Summary: python-waitress is used by IBM Storage Ceph. CVE-2024-49768. Vulnerability Details: CVEID: CVE-2024-49768. DESCRIPTION: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a...

CVSS 9.1 | AI score 6.6 | EPSS 0.00572
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: python-waitress (TSSA-2024:1044)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1044 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.1 | AI score 6.6 | EPSS 0.01524
Exploits: 0 | References: 3