Inconsistent interpretation of HTTP requests in waitress - CVE-2019-16792
Published: August 20, 2023
Vulnerability identifier: #VU79727
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-16792
CWE-ID: CWE-444
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Pylons Project
Affected software:
waitress
waitress
Detailed vulnerability description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request with a double Content-Length header to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
How to mitigate CVE-2019-16792
Install updates from vendor's website.
Sources
- https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
- https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
- https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html