Bug 2065086 (CVE-2022-24761) - CVE-2022-24761 waitress: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Summary: CVE-2022-24761 waitress: Inconsistent Interpretation of HTTP Requests ('HTTP ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-24761
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2065790 2065791 2065792 2065795 2124988 2124989 2124990 2065796 2065797 2065798 2065799 2099298
Blocks: 2065087
TreeView+ depends on / blocked
 
Reported: 2022-03-17 10:36 UTC by TEJ RATHI
Modified: 2022-09-07 16:32 UTC (History)
21 users (show)

Fixed In Version: waitress 2.1.1
Doc Type: If docs needed, set a value
Doc Text:
An Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) flaw was found in Waitress when used behind a proxy that does not properly validate the incoming HTTP request. This flaw allows an attacker to smuggle requests via the front-end proxy to Waitress, resulting in a loss of data integrity.
Clone Of:
Environment:
Last Closed: 2022-04-07 14:27:35 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1253 0 None None None 2022-04-06 09:38:09 UTC
Red Hat Product Errata RHSA-2022:1254 0 None None None 2022-04-06 14:36:22 UTC
Red Hat Product Errata RHSA-2022:1264 0 None None None 2022-04-07 12:05:26 UTC

Description TEJ RATHI 2022-03-17 10:36:05 UTC
When using Waitress behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends.
This would allow requests to be smuggled via the front-end proxy to waitress and later behavior.

Affected Versions <=2.1.0.

References:
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
https://bugs.gentoo.org/835492

Comment 1 amctagga 2022-03-18 18:03:07 UTC
Created python-waitress tracking bugs for this issue:

Affects: epel-all [bug 2065791]
Affects: fedora-all [bug 2065790]
Affects: openstack-rdo [bug 2065792]

Comment 4 errata-xmlrpc 2022-04-06 09:38:06 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2022:1253 https://access.redhat.com/errata/RHSA-2022:1253

Comment 5 errata-xmlrpc 2022-04-06 14:36:19 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2022:1254 https://access.redhat.com/errata/RHSA-2022:1254

Comment 6 errata-xmlrpc 2022-04-07 12:05:24 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 - ELS

Via RHSA-2022:1264 https://access.redhat.com/errata/RHSA-2022:1264

Comment 7 Product Security DevOps Team 2022-04-07 14:27:32 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24761


Note You need to log in before you can comment on or make changes to this bug.