cnvd - cnvd-2022-21483

cnvd-2022-21483

Vulnerability from cnvd

Title: Waitress环境问题漏洞（CNVD-2022-21483）

Description:

Waitress是一款用于Python的WSGI（Web服务器网关接口）服务器。

Waitress 2.1.0及其之前版本存在环境问题漏洞，该漏洞源于软件代理无法正确验证传入的 HTTP请求是否符合标准，该漏洞允许通过前端代理走私到Waitress和其之后的行为。目前没有详细的漏洞细节提供。

Severity: 高

Patch Name: Waitress环境问题漏洞（CNVD-2022-21483）的补丁

Patch Description:

Waitress是一款用于Python的WSGI（Web服务器网关接口）服务器。

Waitress 2.1.0及其之前版本存在环境问题漏洞，该漏洞源于软件代理无法正确验证传入的 HTTP请求是否符合标准，该漏洞允许通过前端代理走私到Waitress和其之后的行为。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24761

Impacted products

Name
Waitress Waitress <=2.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24761"
    }
  },
  "description": "Waitress\u662f\u4e00\u6b3e\u7528\u4e8ePython\u7684WSGI\uff08Web\u670d\u52a1\u5668\u7f51\u5173\u63a5\u53e3\uff09\u670d\u52a1\u5668\u3002\n\nWaitress 2.1.0\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u4ee3\u7406\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u4f20\u5165\u7684 HTTP\u8bf7\u6c42\u662f\u5426\u7b26\u5408\u6807\u51c6\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7\u524d\u7aef\u4ee3\u7406\u8d70\u79c1\u5230Waitress\u548c\u5176\u4e4b\u540e\u7684\u884c\u4e3a\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-21483",
  "openTime": "2022-03-22",
  "patchDescription": "Waitress\u662f\u4e00\u6b3e\u7528\u4e8ePython\u7684WSGI\uff08Web\u670d\u52a1\u5668\u7f51\u5173\u63a5\u53e3\uff09\u670d\u52a1\u5668\u3002\r\n\r\nWaitress 2.1.0\u53ca\u5176\u4e4b\u524d\u7248\u672c\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u4ee3\u7406\u65e0\u6cd5\u6b63\u786e\u9a8c\u8bc1\u4f20\u5165\u7684 HTTP\u8bf7\u6c42\u662f\u5426\u7b26\u5408\u6807\u51c6\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7\u524d\u7aef\u4ee3\u7406\u8d70\u79c1\u5230Waitress\u548c\u5176\u4e4b\u540e\u7684\u884c\u4e3a\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Waitress\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2022-21483\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Waitress Waitress \u003c=2.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-24761",
  "serverity": "\u9ad8",
  "submitTime": "2022-03-18",
  "title": "Waitress\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2022-21483\uff09"
}

CVE-2022-24761 (GCVE-0-2022-24761)

Vulnerability from cvelistv5

Published

2022-03-17 12:40

Modified

2025-04-23 18:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Summary

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.

References

▼	URL	Tags
	https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36	x_refsource_CONFIRM
	https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0	x_refsource_MISC
	https://github.com/Pylons/waitress/releases/tag/v2.1.1	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5138	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	Pylons	waitress	Version: < 2.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Pylons/waitress/releases/tag/v2.1.1"
          },
          {
            "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html"
          },
          {
            "name": "DSA-5138",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5138"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24761",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:56:44.133820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:46:46.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "waitress",
          "vendor": "Pylons",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python\u0027s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-18T14:06:11.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Pylons/waitress/releases/tag/v2.1.1"
        },
        {
          "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html"
        },
        {
          "name": "DSA-5138",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5138"
        }
      ],
      "source": {
        "advisory": "GHSA-4f7p-27jc-3c36",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Request Smuggling in waitress",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24761",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Request Smuggling in waitress"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "waitress",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pylons"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python\u0027s `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36",
              "refsource": "CONFIRM",
              "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36"
            },
            {
              "name": "https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0",
              "refsource": "MISC",
              "url": "https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0"
            },
            {
              "name": "https://github.com/Pylons/waitress/releases/tag/v2.1.1",
              "refsource": "MISC",
              "url": "https://github.com/Pylons/waitress/releases/tag/v2.1.1"
            },
            {
              "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html"
            },
            {
              "name": "DSA-5138",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5138"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4f7p-27jc-3c36",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24761",
    "datePublished": "2022-03-17T12:40:10.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:46:46.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted