CVE-2019-16786

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:agendaless:waitress:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*

Information

Published : 2019-12-20 15:15

Updated : 2022-09-23 11:58


NVD link : CVE-2019-16786

Mitre link : CVE-2019-16786


JSON object : View

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Advertisement

dedicated server usa

Products Affected

oracle

  • communications_cloud_native_core_network_function_cloud_native_environment

redhat

  • openstack

fedoraproject

  • fedora

agendaless

  • waitress

debian

  • debian_linux