VYPR

rpm package

suse/python-waitress&distro=SUSE Linux Enterprise Server for SAP Applications 15

pkg:rpm/suse/python-waitress&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Vulnerabilities (5)

  • CVE-2022-24761HigMar 17, 2022
    affected < 1.4.3-150000.3.6.1fixed 1.4.3-150000.3.6.1

    Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one requ

  • CVE-2019-16792HigJan 22, 2020
    affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1

    Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally.

  • CVE-2019-16789HigDec 26, 2019
    affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1

    In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests contain

  • CVE-2019-16786HigDec 20, 2019
    affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1

    Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separ

  • CVE-2019-16785HigDec 20, 2019
    affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1

    Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if