CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn

2024-04-1600:00:14

CWE-444

@huntr_ai

github.com

cve-2024-1135

http request smuggling

gunicorn

hrs vulnerabilities

transfer-encoding headers

security restrictions

cache poisoning

session manipulation

data exposure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

JSON

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn’s handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.

CNA Affected

[
  {
    "vendor": "benoitc",
    "product": "benoitc/gunicorn",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]