385 matches found
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-waitress) (RHSA-2025:1192)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1192 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-waitress) (RHSA-2025:1191)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1191 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...
RHSA-2025:0201 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update
Bulletin has no description...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update
An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 Train for Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion
A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-waitress) (RHSA-2025:0201)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:0201 advisory. Pure-python WSGI server Security Fixes: python-waitress: request processing race condition in HTTP pipelining with invalid first request...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion
A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...
Important: python-waitress
Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more...
Important: python-waitress
Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-waitress (SUSE-SU-2024:4107-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4107-1 advisory. - CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554 Tenable ha...
Amazon Linux 2023 : python3-waitress (ALAS2023-2024-773)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-773 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using...
The vulnerability of the channel_request_lookahead() function in the WSGI server for Python Waitress allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the channelrequestlookahead function in the WSGI server for Python Waitress is related to synchronization errors when using shared resources due to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
SUSE: Security Advisory (SUSE-SU-2024:4107-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-waitress
This update for python-waitress fixes the following issues: CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2024:4107-1 Security update for python-waitress
This update for python-waitress fixes the following issues: - CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up bsc1232554...
[SECURITY] Fedora 40 Update: mingw-python-waitress-2.1.2-7.fc40
MinGW Windows Python waitress library...