5 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-16785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress through version 1.3.1 implemented a MAY part of the RFC7230 which states: Although the line terminator for the start-line and header fields is the...
CVE-2019-16792
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...
CVE-2019-16792 HTTP Request Smuggling: Content-Length Sent Twice in Waitress
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two...
CVE-2019-16785 HTTP Request Smuggling: LF vs CRLF handling in Waitress
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end serve...
CVE-2019-16785
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end serve...