
Test ID: 1.3.6.1.4.1.25623.1.0.892056
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for waitress (DLA-2056-1)
Summary: The remote host is missing an update for the 'waitress' package(s) announced via the DLA-2056-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'waitress'
package(s) announced via the DLA-2056-1 advisory.

Vulnerability Insight:
It was discovered that there was an HTTP request smuggling
vulnerability in waitress, a pure-Python WSGI server.

If a proxy server is used in front of waitress, an invalid request
may be sent by an attacker that bypasses the front-end and is parsed
differently by waitress leading to a potential for request smuggling.

Specially crafted requests containing special whitespace characters
in the Transfer-Encoding header would get parsed by Waitress as being
a chunked request, but a front-end server would use the
Content-Length instead as the Transfer-Encoding header is considered
invalid due to containing invalid characters. If a front-end server
does HTTP pipelining to a backend Waitress server this could lead to
HTTP request splitting which may lead to potential cache poisoning or
information disclosure.
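The parsing gap described above is that Python's default whitespace handling accepts control characters that RFC 7230 does not, so a lenient back end sees "chunked" where a strict front end sees an invalid header. The following is an added example (not waitress, Debian or Greenbone code) of the strict validation a front end or the server itself can apply; the header dictionaries are constructed and the RFC 7230 token/OWS rules it encodes are its own reading of the standard.

```python
import re

# RFC 7230 token characters; optional whitespace (OWS) is only SP and HTAB.
# Python's default str.strip()/split() also treat \x0b, \x0c and other control
# characters as whitespace: the front-end/back-end disagreement the advisory describes.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_OWS = " \t"

def strict_transfer_encodings(value):
    """Parse a Transfer-Encoding value with RFC 7230 token/OWS rules.
    Returns the lower-cased coding list, or None if any element is malformed."""
    codings = []
    for element in value.split(","):
        element = element.strip(_OWS)      # only SP / HTAB may surround a token
        if element == "":                  # RFC 7230 s.7: empty list elements are ignored
            continue
        if not _TOKEN.fullmatch(element):  # a stray control character fails here
            return None
        codings.append(element.lower())
    return codings or None                 # an empty header value is malformed too

def lenient_transfer_encodings(value):
    """Emulate a parser that relies on Python's default whitespace handling."""
    return [e.strip().lower() for e in value.split(",") if e.strip()]

def transfer_encoding_verdict(value):
    """'reject' if the value is malformed or the strict and lenient views differ."""
    strict = strict_transfer_encodings(value)
    if strict is None or strict != lenient_transfer_encodings(value):
        return "reject"
    return "ok"

def vet_request_headers(headers):
    """Decision for one request (header names lower-cased). A front end enforcing
    this never forwards a request whose framing a lenient back end could read
    differently. Rejecting TE and CL together is allowed by RFC 7230 s.3.3.3."""
    te = headers.get("transfer-encoding")
    if te is None:
        return "ok"
    if "content-length" in headers:
        return "reject: transfer-encoding and content-length both present"
    if transfer_encoding_verdict(te) == "reject":
        return "reject: malformed transfer-encoding"
    return "ok"

if __name__ == "__main__":
    for hdrs in ({"transfer-encoding": "chunked"},          # constructed samples
                 {"transfer-encoding": "\x0bchunked"}):
        print(repr(hdrs["transfer-encoding"]), "->", vet_request_headers(hdrs))
```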

Affected Software/OS:
'waitress' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', this issue has been fixed in waitress version
0.8.9-2+deb8u1.

We recommend that you upgrade your waitress packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-16789
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
