CVE-2019-16792 in Ubuntu

CVE-2019-16792

Priority

Description

Waitress through version 1.3.1 allows request smuggling by sending the
Content-Length header twice. Waitress would header fold a double
Content-Length header and due to being unable to cast the now comma
separated value to an integer would set the Content-Length to 0 internally.
If two Content-Length headers are sent in a single request, Waitress would
treat the request as having no body, thereby treating the body of the
request as a new request in HTTP pipelining. This issue is fixed in
Waitress 1.4.0.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16792
https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes

Notes

Package

Source: waitress (LP Ubuntu Debian)

Upstream:	released (1.4.1-1)
Ubuntu 18.04 LTS:	needs-triage
Ubuntu 20.04 LTS:	not-affected (1.4.1-1)
Ubuntu 21.10:	not-affected (1.4.1-1)
Ubuntu 16.04 ESM:	needs-triage
Ubuntu 22.04 LTS:	not-affected (1.4.1-1)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65

More Information

Updated: 2022-04-25 00:37:47 UTC (commit ecc1009cb19540b950de59270950018900f37f15)