{ "threat_severity" : "Important", "public_date" : "2024-04-15T00:00:00Z", "bugzilla" : { "description" : "python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers", "id" : "2275280", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275280" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-444", "details" : [ "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.", "An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks, including cache poisoning, session manipulation, and data exposure." ], "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date" : "2024-06-10T00:00:00Z", "advisory" : "RHSA-2024:3781", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package" : "python3x-gunicorn-0:22.0.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date" : "2024-06-10T00:00:00Z", "advisory" : "RHSA-2024:3781", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package" : "python-gunicorn-0:22.0.0-1.el9ap" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-06-12T00:00:00Z", "advisory" : "RHSA-2024:3713", "cpe" : "cpe:/a:redhat:openshift:4.12::el9", "package" : "openshift4/ose-ironic-rhel9:v4.12.0-202406060836.p0.g9a3e609.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-05-23T00:00:00Z", "advisory" : "RHSA-2024:2875", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "openshift4/ose-ironic-rhel9:v4.13.0-202405072309.p0.g881e793.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-05-30T00:00:00Z", "advisory" : "RHSA-2024:3331", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "openshift4/ose-ironic-rhel9:v4.14.0-202405161337.p0.g62ee6d0.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-05-29T00:00:00Z", "advisory" : "RHSA-2024:3327", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "openshift4/ose-ironic-rhel9:v4.15.0-202405161507.p0.ge2415c8.assembly.stream.el9" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2024-06-24T00:00:00Z", "advisory" : "RHSA-2024:4054", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "python-gunicorn-0:19.9.0-11.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:2727", "cpe" : "cpe:/a:redhat:openstack:17.1::el9", "package" : "python-gunicorn-0:20.0.4-7.el9ost" }, { "product_name" : "Red Hat Satellite 6.15 for RHEL 8", "release_date" : "2024-10-10T00:00:00Z", "advisory" : "RHSA-2024:7987", "cpe" : "cpe:/a:redhat:satellite:6.15::el8", "package" : "python-gunicorn-0:22.0.0-1.el8pc" }, { "product_name" : "Red Hat Satellite 6.15 for RHEL 8", "release_date" : "2024-10-10T00:00:00Z", "advisory" : "RHSA-2024:7987", "cpe" : "cpe:/a:redhat:satellite_capsule:6.15::el8", "package" : "python-gunicorn-0:22.0.0-1.el8pc" }, { "product_name" : "RHUI 4 for RHEL 8", "release_date" : "2025-02-12T00:00:00Z", "advisory" : "RHSA-2025:1335", "cpe" : "cpe:/a:redhat:rhui:4::el8", "package" : "python-gunicorn-0:22.0.0-1.0.1.el8ui" } ], "package_state" : [ { "product_name" : "Red Hat Discovery 1", "fix_state" : "Not affected", "package_name" : "discovery-server-container", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "python-gunicorn", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Out of support scope", "package_name" : "python-gunicorn", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "python-gunicorn", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Out of support scope", "package_name" : "graphite-web", "cpe" : "cpe:/a:redhat:storage:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-1135\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1135\nhttps://github.com/advisories/GHSA-w3h3-4rj7-4ph4\nhttps://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d\nhttps://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1" ], "name" : "CVE-2024-1135", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "lang" : "en:us" }, "csaw" : false }