CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16792

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 73.9%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 5.0

References

Products affected by CVE-2019-16792

Agendaless » Waitress » Version: N/A

cpe:2.3:a:agendaless:waitress:-
Agendaless » Waitress » Version: 0.1

cpe:2.3:a:agendaless:waitress:0.1
Agendaless » Waitress » Version: 0.2

cpe:2.3:a:agendaless:waitress:0.2
Agendaless » Waitress » Version: 0.3

cpe:2.3:a:agendaless:waitress:0.3
Agendaless » Waitress » Version: 0.4

cpe:2.3:a:agendaless:waitress:0.4
Agendaless » Waitress » Version: 0.5

cpe:2.3:a:agendaless:waitress:0.5
Agendaless » Waitress » Version: 0.6

cpe:2.3:a:agendaless:waitress:0.6
Agendaless » Waitress » Version: 0.6.1

cpe:2.3:a:agendaless:waitress:0.6.1
Agendaless » Waitress » Version: 0.7

cpe:2.3:a:agendaless:waitress:0.7
Agendaless » Waitress » Version: 0.8

cpe:2.3:a:agendaless:waitress:0.8
Agendaless » Waitress » Version: 0.8.1

cpe:2.3:a:agendaless:waitress:0.8.1
Agendaless » Waitress » Version: 0.8.10

cpe:2.3:a:agendaless:waitress:0.8.10
Agendaless » Waitress » Version: 0.8.11

cpe:2.3:a:agendaless:waitress:0.8.11
Agendaless » Waitress » Version: 0.8.2

cpe:2.3:a:agendaless:waitress:0.8.2
Agendaless » Waitress » Version: 0.8.3

cpe:2.3:a:agendaless:waitress:0.8.3
Agendaless » Waitress » Version: 0.8.4

cpe:2.3:a:agendaless:waitress:0.8.4
Agendaless » Waitress » Version: 0.8.5

cpe:2.3:a:agendaless:waitress:0.8.5
Agendaless » Waitress » Version: 0.8.6

cpe:2.3:a:agendaless:waitress:0.8.6
Agendaless » Waitress » Version: 0.8.7

cpe:2.3:a:agendaless:waitress:0.8.7
Agendaless » Waitress » Version: 0.8.8

cpe:2.3:a:agendaless:waitress:0.8.8
Agendaless » Waitress » Version: 0.8.9

cpe:2.3:a:agendaless:waitress:0.8.9
Agendaless » Waitress » Version: 0.9.0

cpe:2.3:a:agendaless:waitress:0.9.0
Agendaless » Waitress » Version: 1.0.0

cpe:2.3:a:agendaless:waitress:1.0.0
Agendaless » Waitress » Version: 1.0.1

cpe:2.3:a:agendaless:waitress:1.0.1
Agendaless » Waitress » Version: 1.0.2

cpe:2.3:a:agendaless:waitress:1.0.2
Agendaless » Waitress » Version: 1.1.0

cpe:2.3:a:agendaless:waitress:1.1.0
Agendaless » Waitress » Version: 1.2.0

cpe:2.3:a:agendaless:waitress:1.2.0
Agendaless » Waitress » Version: 1.2.1

cpe:2.3:a:agendaless:waitress:1.2.1
Agendaless » Waitress » Version: 1.3.0

cpe:2.3:a:agendaless:waitress:1.3.0
Agendaless » Waitress » Version: 1.3.1

cpe:2.3:a:agendaless:waitress:1.3.1
Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0

cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16792

Products

Pricing

Contact Us