PT-2019-6233 · Waitress+3

Published: 2019-12-19 · Updated: 2022-09-23 · CVE-2019-16792

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Waitress versions 1.3.1 and earlier

Description: The issue stems from incorrect handling of repeated Content-Length headers in Waitress, allowing request smuggling. If two Content-Length headers are sent in a single request, Waitress treats the request as having no body, and the bytes that were meant as the body are then parsed as a new, pipelined request. The cause is that the two header values are folded into a single comma-separated value, which Waitress cannot cast to an integer, so the Content-Length becomes 0 internally.

Recommendations: For Waitress versions 1.3.1 and earlier, upgrade to Waitress 1.4.0, which fixes the issue. As a temporary workaround, place Waitress behind a reverse proxy that rejects potentially malformed HTTP requests before they reach the backend. Restrict access to Waitress to minimize the risk of exploitation until the fix is applied.
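The following is an added example, not Waitress's own code or the fix shipped in 1.4.0. It is a small request-head parser with two body-length policies: a lenient one that models the behaviour described above (repeated Content-Length values folded into a comma-separated string, a non-integer result treated as 0) and a strict one that applies RFC 7230 section 3.3.2, accepting only identical repeated values and rejecting conflicting or non-numeric ones, which is the check a reverse proxy in front of Waitress should perform. The sample requests are constructed, and the function and class names are this example's own.

```python
"""Added example (not Waitress's code): duplicate Content-Length handling.

`lenient_body_length` models the vulnerable behaviour described for
CVE-2019-16792; `strict_body_length` is the hardened policy a front-end
proxy or a request parser should apply instead.
"""
from typing import Callable, Dict, List, Tuple


class BadRequest(Exception):
    """Raised when a request must be rejected (HTTP 400)."""


def parse_head(raw: bytes) -> Tuple[bytes, Dict[str, List[str]], bytes]:
    """Split a raw request into request line, headers and the remaining bytes.

    Header values are kept in lists so repeated headers stay visible to the
    caller instead of being merged away by the parser.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete header block")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise BadRequest("malformed header line")
        key = name.strip().lower().decode("ascii")
        headers.setdefault(key, []).append(value.strip().decode("ascii"))
    return request_line, headers, rest


def lenient_body_length(headers: Dict[str, List[str]]) -> int:
    """Model of the vulnerable behaviour: repeats are folded into "a, b",
    and a value that does not parse as an integer silently becomes 0."""
    folded = ", ".join(headers.get("content-length", []))
    try:
        return int(folded)
    except ValueError:
        return 0


def strict_body_length(headers: Dict[str, List[str]]) -> int:
    """RFC 7230 section 3.3.2 handling: every Content-Length value must be a
    non-negative integer and all repeats must agree; otherwise reject."""
    values = headers.get("content-length", [])
    if not values:
        return 0
    parsed = set()
    for v in values:
        if not v.isdigit():
            raise BadRequest("Content-Length is not a valid integer")
        parsed.add(int(v))
    if len(parsed) != 1:
        raise BadRequest("conflicting Content-Length headers")
    return parsed.pop()


Policy = Callable[[Dict[str, List[str]]], int]


def consume_request(raw: bytes, policy: Policy) -> Tuple[bytes, bytes]:
    """Return (body, leftover) for the first request in the buffer.

    The leftover is what a pipelining server would parse as the *next*
    request, which is exactly where the smuggling risk lives.
    """
    _, headers, rest = parse_head(raw)
    n = policy(headers)
    return rest[:n], rest[n:]


def is_rejected(raw: bytes, policy: Policy) -> bool:
    """True if the policy refuses the request instead of framing it."""
    try:
        consume_request(raw, policy)
    except BadRequest:
        return True
    return False


# Constructed samples: a five-byte body with duplicated (identical) and with
# conflicting Content-Length headers.
SAMPLE = (
    b"POST /submit HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 5\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)
CONFLICT = SAMPLE.replace(b"Content-Length: 5\r\n\r\n", b"Content-Length: 4\r\n\r\n")

if __name__ == "__main__":
    body, leftover = consume_request(SAMPLE, lenient_body_length)
    print("lenient: body=%r leftover=%r" % (body, leftover))
    body, leftover = consume_request(SAMPLE, strict_body_length)
    print("strict:  body=%r leftover=%r" % (body, leftover))
    print("strict rejects conflicting values:", is_rejected(CONFLICT, strict_body_length))
```

Under the lenient policy the folded value "5, 5" fails the integer cast, the body length becomes 0 and "hello" is left in the buffer to be read as the next request; under the strict policy the identical repeats collapse to a single length of 5 and the buffer is consumed cleanly, while the conflicting variant is refused outright. A proxy may also choose to reject any repeated Content-Length, which the RFC permits as well.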

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

ALT-PU-2021-1655
BDU:2022-05828
CVE-2019-16792
DLA-3000-1
GHSA-4PPP-GPCR-7QF6
GHSA-J7J6-7HFX-5522
OPENSUSE-SU-2020:1911-1
OPENSUSE-SU-2020:1922-1
OPENSUSE-SU-2020_1911-1
OPENSUSE-SU-2020_1922-1
PYSEC-2020-178
SUSE-RU-2020:2072-1
SUSE-RU-2020:2161-1
SUSE-SU-2020:1901-1
SUSE-SU-2020:3269-1
SUSE-SU-2020:3292-1

Affected Products

Alt Linux
Astra Linux
Suse
Waitress