Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-16789

Good to know:

icon
icon

Date: December 26, 2019

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.

Language: Python

Severity Score

Related Resources (18)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
https://nvd.nist.gov/vuln/detail/CVE-2019-16789
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
https://github.com/Pylons/waitress
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
https://access.redhat.com/errata/RHSA-2020:0720
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
https://github.com/github/advisory-review/pull/14604
https://github.com/Pylons/waitress/commit/ddb65b489d01d696afa1695b75fdd5df3e4ffdf8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-138.yaml
https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/advisories/GHSA-968f-66r5-5v74
https://github.com/Pylons/waitress/security/advisories/GHSA-968f-66r5-5v74
https://www.mend.io/vulnerability-database/CVE-2019-16789

Severity Score

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CWE-444

Top Fix

icon

Upgrade Version

Upgrade to version v1.4.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us