SUSE update for uwsgi
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-24795 |
| CWE-ID | CWE-113 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system uwsgi-ldap-debuginfo Operating systems & Components / Operating system package or component uwsgi-jvm-debuginfo Operating systems & Components / Operating system package or component uwsgi-gevent-debuginfo Operating systems & Components / Operating system package or component uwsgi-glusterfs-debuginfo Operating systems & Components / Operating system package or component apache2-mod_uwsgi Operating systems & Components / Operating system package or component uwsgi-greenlet Operating systems & Components / Operating system package or component uwsgi-xslt-debuginfo Operating systems & Components / Operating system package or component uwsgi-pam Operating systems & Components / Operating system package or component uwsgi-python-debuginfo Operating systems & Components / Operating system package or component uwsgi-emperor_pg-debuginfo Operating systems & Components / Operating system package or component uwsgi-psgi-debuginfo Operating systems & Components / Operating system package or component uwsgi-gevent Operating systems & Components / Operating system package or component uwsgi-pam-debuginfo Operating systems & Components / Operating system package or component uwsgi-lua Operating systems & Components / Operating system package or component uwsgi-psgi Operating systems & Components / Operating system package or component uwsgi-python Operating systems & Components / Operating system package or component uwsgi-libffi Operating systems & Components / Operating system package or component apache2-mod_uwsgi-debuginfo Operating systems & Components / Operating system package or component uwsgi-emperor_zeromq-debuginfo Operating systems & Components / Operating system package or component uwsgi-logzmq-debuginfo Operating systems & Components / Operating system package or component uwsgi-greenlet-debuginfo Operating systems & Components / Operating system package or component uwsgi-debugsource Operating systems & Components / Operating system package or component uwsgi-php7 Operating systems & Components / Operating system package or component uwsgi-jvm Operating systems & Components / Operating system package or component uwsgi-php7-debuginfo Operating systems & Components / Operating system package or component uwsgi-python3-debuginfo Operating systems & Components / Operating system package or component uwsgi-sqlite3 Operating systems & Components / Operating system package or component uwsgi-lua-debuginfo Operating systems & Components / Operating system package or component uwsgi-emperor_zeromq Operating systems & Components / Operating system package or component uwsgi-xslt Operating systems & Components / Operating system package or component uwsgi-logzmq Operating systems & Components / Operating system package or component uwsgi-emperor_pg Operating systems & Components / Operating system package or component uwsgi-pypy Operating systems & Components / Operating system package or component uwsgi-libffi-debuginfo Operating systems & Components / Operating system package or component uwsgi-glusterfs Operating systems & Components / Operating system package or component uwsgi-python3 Operating systems & Components / Operating system package or component uwsgi Operating systems & Components / Operating system package or component uwsgi-pypy-debuginfo Operating systems & Components / Operating system package or component uwsgi-ldap Operating systems & Components / Operating system package or component uwsgi-debuginfo Operating systems & Components / Operating system package or component uwsgi-sqlite3-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) HTTP response splitting
EUVDB-ID: #VU88152
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24795
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not correctly process CRLF character sequences in multiple modules. A remote attacker can inject malicious response headers into backend applications and perform an HTTP desynchronization attack.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
MitigationUpdate the affected package uwsgi to the latest version.
Vulnerable software versionsSUSE Package Hub 15: 15-SP5 - 15-SP6
SUSE Linux Enterprise Real Time 15: SP5 - SP6
SUSE Linux Enterprise Server for SAP Applications 15: SP5 - SP6
SUSE Linux Enterprise Server 15: SP5 - SP6
SUSE Linux Enterprise Desktop 15: SP5 - SP6
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.3
uwsgi-ldap-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-jvm-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-gevent-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-glusterfs-debuginfo: before 2.0.19.1-150300.3.3.1
apache2-mod_uwsgi: before 2.0.19.1-150300.3.3.1
uwsgi-greenlet: before 2.0.19.1-150300.3.3.1
uwsgi-xslt-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-pam: before 2.0.19.1-150300.3.3.1
uwsgi-python-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-emperor_pg-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-psgi-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-gevent: before 2.0.19.1-150300.3.3.1
uwsgi-pam-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-lua: before 2.0.19.1-150300.3.3.1
uwsgi-psgi: before 2.0.19.1-150300.3.3.1
uwsgi-python: before 2.0.19.1-150300.3.3.1
uwsgi-libffi: before 2.0.19.1-150300.3.3.1
apache2-mod_uwsgi-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-emperor_zeromq-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-logzmq-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-greenlet-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-debugsource: before 2.0.19.1-150300.3.3.1
uwsgi-php7: before 2.0.19.1-150300.3.3.1
uwsgi-jvm: before 2.0.19.1-150300.3.3.1
uwsgi-php7-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-python3-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-sqlite3: before 2.0.19.1-150300.3.3.1
uwsgi-lua-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-emperor_zeromq: before 2.0.19.1-150300.3.3.1
uwsgi-xslt: before 2.0.19.1-150300.3.3.1
uwsgi-logzmq: before 2.0.19.1-150300.3.3.1
uwsgi-emperor_pg: before 2.0.19.1-150300.3.3.1
uwsgi-pypy: before 2.0.19.1-150300.3.3.1
uwsgi-libffi-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-glusterfs: before 2.0.19.1-150300.3.3.1
uwsgi-python3: before 2.0.19.1-150300.3.3.1
uwsgi: before 2.0.19.1-150300.3.3.1
uwsgi-pypy-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-ldap: before 2.0.19.1-150300.3.3.1
uwsgi-debuginfo: before 2.0.19.1-150300.3.3.1
uwsgi-sqlite3-debuginfo: before 2.0.19.1-150300.3.3.1
CPE2.3- cpe:2.3:o:suse:suse_package_hub_15:15-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:uwsgi-ldap-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-jvm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-gevent-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-glusterfs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:apache2-mod_uwsgi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-greenlet:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-xslt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-pam:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-python-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-emperor_pg-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-psgi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-gevent:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-pam-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-lua:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-psgi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-python:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-libffi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:apache2-mod_uwsgi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-emperor_zeromq-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-logzmq-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-greenlet-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-php7:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-jvm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-php7-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-python3-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-sqlite3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-lua-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-emperor_zeromq:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-xslt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-logzmq:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-emperor_pg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-pypy:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-libffi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-glusterfs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-python3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-pypy-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-ldap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:uwsgi-sqlite3-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20243853-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
