Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.892056 |
Categoría: | Debian Local Security Checks |
Título: | Debian LTS: Security Advisory for waitress (DLA-2056-1) |
Resumen: | The remote host is missing an update for the 'waitress'; package(s) announced via the DLA-2056-1 advisory. |
Descripción: | Summary: The remote host is missing an update for the 'waitress' package(s) announced via the DLA-2056-1 advisory. Vulnerability Insight: It was discovered that there was a HTTP request smuggling vulnerability in waitress, pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or information disclosure. Affected Software/OS: 'waitress' package(s) on Debian Linux. Solution: For Debian 8 'Jessie', this issue has been fixed in waitress version 0.8.9-2+deb8u1. We recommend that you upgrade your waitress packages. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-16789 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |