{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-1135", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-01-31T18:15:14.296Z", "datePublished": "2024-04-16T00:00:14.938Z", "dateUpdated": "2024-08-01T18:26:30.502Z"}, "containers": {"cna": {"title": "HTTP Request Smuggling in benoitc/gunicorn", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T00:00:14.938Z"}, "descriptions": [{"lang": "en", "value": "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure."}], "affected": [{"vendor": "benoitc", "product": "benoitc/gunicorn", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests", "cweId": "CWE-444"}]}], "source": {"advisory": "22158e34-cfd5-41ad-97e0-a780773d96c1", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1135", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-19T17:32:23.631972Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:benoitc:gunicorn:*:*:*:*:*:*:*:*"], "vendor": "benoitc", "product": "gunicorn", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:59:56.871Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.502Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.502Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1135", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-19T17:32:23.631972Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:benoitc:gunicorn:*:*:*:*:*:*:*:*"], "vendor": "benoitc", "product": "gunicorn", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-19T17:41:03.802Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "HTTP Request Smuggling in benoitc/gunicorn", "source": {"advisory": "22158e34-cfd5-41ad-97e0-a780773d96c1", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "benoitc", "product": "benoitc/gunicorn", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html"}], "descriptions": [{"lang": "en", "value": "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T00:00:14.938Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1135", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:26:30.502Z", "dateReserved": "2024-01-31T18:15:14.296Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-16T00:00:14.938Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure."}, {"lang": "es", "value": "Gunicorn no puede validar correctamente los encabezados Transfer-Encoding, lo que genera vulnerabilidades de contrabando de solicitudes HTTP (HRS). Al manipular solicitudes con encabezados Transfer-Encoding conflictivos, los atacantes pueden eludir las restricciones de seguridad y acceder a endpoints restringidos. Este problema se debe al manejo que hace Gunicorn de los encabezados Transfer-Encoding, donde procesa incorrectamente solicitudes con m\u00faltiples encabezados Transfer-Encoding conflictivos, trat\u00e1ndolos como fragmentados independientemente de la codificaci\u00f3n final especificada. Esta vulnerabilidad permite una variedad de ataques que incluyen envenenamiento de cach\u00e9, manipulaci\u00f3n de sesiones y exposici\u00f3n de datos."}], "id": "CVE-2024-1135", "lastModified": "2024-06-30T23:15:02.563", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-16T00:15:07.797", "references": [{"source": "security@huntr.dev", "url": "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1"}, {"source": "security@huntr.dev", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-gunicorn-0:22.0.0-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-gunicorn-0:22.0.0-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:3713", "cpe": "cpe:/a:redhat:openshift:4.12::el9", "package": "openshift4/ose-ironic-rhel9:v4.12.0-202406060836.p0.g9a3e609.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2024-06-12T00:00:00Z"}, {"advisory": "RHSA-2024:2875", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ironic-rhel9:v4.13.0-202405072309.p0.g881e793.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3331", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "openshift4/ose-ironic-rhel9:v4.14.0-202405161337.p0.g62ee6d0.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:3327", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-ironic-rhel9:v4.15.0-202405161507.p0.ge2415c8.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:4054", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "python-gunicorn-0:19.9.0-11.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2024-06-24T00:00:00Z"}, {"advisory": "RHSA-2024:2727", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "python-gunicorn-0:20.0.4-7.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2024-05-22T00:00:00Z"}], "bugzilla": {"description": "python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers", "id": "2275280", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275280"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-444", "details": ["Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.", "An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks, including cache poisoning, session manipulation, and data exposure."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-1135", "package_state": [{"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Will not fix", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "python-gunicorn", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "python-gunicorn", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "python-gunicorn", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "python-gunicorn", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "graphite-web", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:4::el8", "fix_state": "Affected", "package_name": "python-gunicorn", "product_name": "Red Hat Update Infrastructure 4 for Cloud Providers"}], "public_date": "2024-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1135\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1135\nhttps://github.com/advisories/GHSA-w3h3-4rj7-4ph4\nhttps://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d\nhttps://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1"], "threat_severity": "Important", "upstream_fix": "gunicorn 22.0.0"}