Skip to main content

Waitress

8 CVEs product

Monthly

CVE-2024-49769 PyPI HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-49768 PyPI MEDIUM PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31015 PyPI MEDIUM POC PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-24761 PyPI HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Waitress Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-5236 PyPI MEDIUM PATCH This Month

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Waitress
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-16789 PyPI HIGH PATCH This Week

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
8.2
EPSS
2.6%
CVE-2019-16786 PyPI HIGH PATCH This Week

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-16785 PyPI HIGH POC PATCH This Week

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Waitress
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Waitress
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Waitress
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Waitress
NVD GitHub
EPSS 3% CVSS 8.2
HIGH PATCH This Week

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Waitress +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy