 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.893000 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DLA-3000-1) |
| Summary: | The remote host is missing an update for the Debian 'waitress' package(s) announced via the DLA-3000-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'waitress' package(s) announced via the DLA-3000-1 advisory. Vulnerability Insight: Waitress is a Python WSGI server, an application server for Python web apps. Security updates to fix request smuggling bugs, when combined with another http proxy that interprets requests differently. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This can result in cache poisoning or unexpected information disclosure. CVE-2019-16785 Only recognise CRLF as a line-terminator, not a plain LF. Before this change waitress could see two requests where the front-end proxy only saw one. CVE-2019-16786 Waitress would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. CVE-2019-16789 Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. CVE-2019-16792 If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. CVE-2022-24761 There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's int() to parse strings into integers, leading to +10 to be parsed as 10, or 0x01 to be parsed as 1, where as the standard specifies that the string should contain only digits or hex digits. Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. For Debian 9 stretch, these problems have been fixed in version 1.0.1-1+deb9u1. We recommend that you upgrade your waitress packages. For the detailed security status of waitress please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'waitress' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-16785 https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/ https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html RedHat Security Advisories: RHSA-2020:0720 https://access.redhat.com/errata/RHSA-2020:0720 Common Vulnerability Exposure (CVE) ID: CVE-2019-16786 https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3 Common Vulnerability Exposure (CVE) ID: CVE-2019-16789 https://github.com/github/advisory-review/pull/14604 https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 Common Vulnerability Exposure (CVE) ID: CVE-2019-16792 https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6 https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65 Common Vulnerability Exposure (CVE) ID: CVE-2022-24761 https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 Debian Security Information: DSA-5138 (Google Search) https://www.debian.org/security/2022/dsa-5138 https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 https://github.com/Pylons/waitress/releases/tag/v2.1.1 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |