CVE-2024-1135

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html
Configurations

No configuration.

History

30 Jun 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html -
Summary
  • (es) Gunicorn no puede validar correctamente los encabezados Transfer-Encoding, lo que genera vulnerabilidades de contrabando de solicitudes HTTP (HRS). Al manipular solicitudes con encabezados Transfer-Encoding conflictivos, los atacantes pueden eludir las restricciones de seguridad y acceder a endpoints restringidos. Este problema se debe al manejo que hace Gunicorn de los encabezados Transfer-Encoding, donde procesa incorrectamente solicitudes con múltiples encabezados Transfer-Encoding conflictivos, tratándolos como fragmentados independientemente de la codificación final especificada. Esta vulnerabilidad permite una variedad de ataques que incluyen envenenamiento de caché, manipulación de sesiones y exposición de datos.

16 Apr 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-16 00:15

Updated : 2024-06-30 23:15

NVD link : CVE-2024-1135

Mitre link : CVE-2024-1135

CVE.ORG link : CVE-2024-1135

JSON object : View

Products Affected

No product.

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')