Rapid7 Vulnerability & Exploit Database

Oracle Solaris 11: CVE-2019-16789: Vulnerability in Waitress

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Solaris 11: CVE-2019-16789: Vulnerability in Waitress

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
12/26/2019
Created
01/20/2021
Added
01/19/2021
Modified
02/17/2022

Description

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.

Solution(s)

  • oracle-solaris-11-4-upgrade-legacy-library-python-waitress-34-1-4-3-11-4-21-0-1-69-0
  • oracle-solaris-11-4-upgrade-legacy-library-python-waitress-35-1-4-3-11-4-21-0-1-69-0
  • oracle-solaris-11-4-upgrade-library-python-2-waitress-0-8-5-11-4-0-0-1-9-0
  • oracle-solaris-11-4-upgrade-library-python-2-waitress-26-0-8-5-11-4-0-0-1-9-0
  • oracle-solaris-11-4-upgrade-library-python-2-waitress-27-0-8-5-11-4-0-0-1-9-0
  • oracle-solaris-11-4-upgrade-library-python-waitress-1-4-3-11-4-21-0-1-69-0
  • oracle-solaris-11-4-upgrade-library-python-waitress-26-0-8-5-11-4-0-0-1-9-0
  • oracle-solaris-11-4-upgrade-library-python-waitress-27-1-4-3-11-4-21-0-1-69-0
  • oracle-solaris-11-4-upgrade-library-python-waitress-34-1-4-3-11-4-21-0-1-69-0
  • oracle-solaris-11-4-upgrade-library-python-waitress-35-1-4-3-11-4-21-0-1-69-0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;