Lucene search
+L

385 matches found

redhat
redhat
added 2025/02/10 1:6 a.m.6 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
nessus
nessus
added 2025/02/10 12:0 a.m.15 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-waitress) (RHSA-2025:1192)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1192 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...

9.1CVSS6.7AI score0.01386EPSS
Exploits0References6
nessus
nessus
added 2025/02/10 12:0 a.m.10 views

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-waitress) (RHSA-2025:1191)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1191 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...

9.1CVSS6.7AI score0.01386EPSS
Exploits0References6
osv
osv
added 2025/01/10 10:2 a.m.19 views

RHSA-2025:0201 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update

Bulletin has no description...

7.5CVSS7AI score0.01386EPSS
Exploits0References17
redhat
redhat
added 2025/01/09 2:57 p.m.18 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update

An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 Train for Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

9.1CVSS6.7AI score0.01386EPSS
Exploits0References3
redhat
redhat
added 2025/01/09 2:57 p.m.4 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
redhat
redhat
added 2025/01/09 2:57 p.m.5 views

waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5CVSS5.7AI score0.01386EPSS
Exploits0References8
nessus
nessus
added 2025/01/09 12:0 a.m.15 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-waitress) (RHSA-2025:0201)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:0201 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...

9.1CVSS6.7AI score0.01386EPSS
Exploits0References6
redhat
redhat
added 2024/12/12 2:25 a.m.5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
redhat
redhat
added 2024/12/12 2:25 a.m.3 views

waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5CVSS5.7AI score0.01386EPSS
Exploits0References8
amazon
amazon
added 2024/12/12 12:0 a.m.5 views

Important: python-waitress

Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more...

9.1CVSS7AI score0.01386EPSS
Exploits0
amazon
amazon
added 2024/12/12 12:0 a.m.7 views

Important: python-waitress

Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more...

9.1CVSS6.7AI score0.01386EPSS
Exploits0
nessus
nessus
added 2024/12/12 12:0 a.m.6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-waitress (SUSE-SU-2024:4107-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4107-1 advisory. - CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554 Tenable ha...

7.5CVSS7.3AI score0.01386EPSS
Exploits0References4
nessus
nessus
added 2024/12/11 12:0 a.m.12 views

Amazon Linux 2023 : python3-waitress (ALAS2023-2024-773)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-773 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using...

9.1CVSS6.6AI score0.01386EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2024/12/09 12:0 a.m.12 views

The vulnerability of the channel_request_lookahead() function in the WSGI server for Python Waitress allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the channelrequestlookahead function in the WSGI server for Python Waitress is related to synchronization errors when using shared resources due to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...

9.4CVSS6.5AI score0.00496EPSS
Exploits0References5Affected Software3
redhat
redhat
added 2024/12/05 2:26 a.m.3 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
openvas
openvas
added 2024/11/29 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2024:4107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.01386EPSS
Exploits0References4
suse
suse
added 2024/11/28 3:13 p.m.4 views

Security update for python-waitress

This update for python-waitress fixes the following issues: CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS8.4AI score0.01386EPSS
Exploits0References4
osv
osv
added 2024/11/28 3:12 p.m.10 views

SUSE-SU-2024:4107-1 Security update for python-waitress

This update for python-waitress fixes the following issues: - CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554...

7.5CVSS8.2AI score0.01386EPSS
Exploits0References3
fedora
fedora
added 2024/11/28 2:45 a.m.11 views

[SECURITY] Fedora 40 Update: mingw-python-waitress-2.1.2-7.fc40

MinGW Windows Python waitress library...

9.1CVSS6.9AI score0.01386EPSS
Exploits0
Rows per page
Query Builder