 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2020.0083 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2020-0083) |
| Zusammenfassung: | The remote host is missing an update for the 'python-waitress' package(s) announced via the MGASA-2020-0083 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'python-waitress' package(s) announced via the MGASA-2020-0083 advisory. Vulnerability Insight: Updated python-waitress packages fix security vulnerabilities: If a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message (CVE-2019-16785). Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining (CVE-2019-16786). In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure (CVE-2019-16789). Affected Software/OS: 'python-waitress' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-16785 https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/ https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html RedHat Security Advisories: RHSA-2020:0720 https://access.redhat.com/errata/RHSA-2020:0720 Common Vulnerability Exposure (CVE) ID: CVE-2019-16786 https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3 Common Vulnerability Exposure (CVE) ID: CVE-2019-16789 https://github.com/github/advisory-review/pull/14604 https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |