CVE-2024-1135

2024-04-1600:00:00

ubuntu.com

gunicorn

transfer-encoding headers

http request smuggling

security restrictions

cache poisoning

session manipulation

data exposure

cve-2024-1135

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Gunicorn fails to properly validate Transfer-Encoding headers, leading to
HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with
conflicting Transfer-Encoding headers, attackers can bypass security
restrictions and access restricted endpoints. This issue is due to
Gunicorn’s handling of Transfer-Encoding headers, where it incorrectly
processes requests with multiple, conflicting Transfer-Encoding headers,
treating them as chunked regardless of the final encoding specified. This
vulnerability allows for a range of attacks including cache poisoning,
session manipulation, and data exposure.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069126>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchgunicorn< anyUNKNOWN
ubuntu20.04noarchgunicorn< anyUNKNOWN
ubuntu22.04noarchgunicorn< anyUNKNOWN
ubuntu23.10noarchgunicorn< anyUNKNOWN
ubuntu24.04noarchgunicorn< anyUNKNOWN
ubuntu14.04noarchgunicorn< anyUNKNOWN
ubuntu16.04noarchgunicorn< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	gunicorn	< any	UNKNOWN
ubuntu	20.04	noarch	gunicorn	< any	UNKNOWN
ubuntu	22.04	noarch	gunicorn	< any	UNKNOWN
ubuntu	23.10	noarch	gunicorn	< any	UNKNOWN
ubuntu	24.04	noarch	gunicorn	< any	UNKNOWN
ubuntu	14.04	noarch	gunicorn	< any	UNKNOWN
ubuntu	16.04	noarch	gunicorn	< any	UNKNOWN