Palo Alto Networks Security Advisories / CVE-2024-1135

CVE-2024-1135: Impact of CVE-2024-1135

Urgency MODERATE

Severity 6.6 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity HIGH
Product Availability NONE
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-1135 as it applies to our products.
The Broker VM used in the following products is vulnerable to CVE-2024-1135:

CVE: CVE-2024-1135
Summary: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
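A constructed model of the two header interpretations the summary describes, added here as an illustration and not Gunicorn's or Palo Alto Networks' code: `lenient_framing` reproduces the described behaviour (a `chunked` coding anywhere in the Transfer-Encoding list decides the framing), while `strict_framing` applies the RFC 9112 rule a front end or reverse proxy should enforce (chunked must be the final coding, and Transfer-Encoding must not be combined with Content-Length). The header sets and host name are constructed sample input.

```python
from typing import List, Tuple

Header = Tuple[str, str]

# Constructed sample header sets; the host name is a placeholder.
CLEAN_CHUNKED = [("Host", "example.test"), ("Transfer-Encoding", "chunked")]
GZIP_THEN_CHUNKED = [("Host", "example.test"), ("Transfer-Encoding", "gzip, chunked")]
CONFLICTING_TE = [("Host", "example.test"),
                  ("Transfer-Encoding", "chunked"),
                  ("Transfer-Encoding", "gzip")]       # chunked is NOT final
TE_AND_CL = [("Host", "example.test"), ("Content-Length", "5"),
             ("Transfer-Encoding", "chunked")]
PLAIN_CL = [("Host", "example.test"), ("Content-Length", "5")]


def transfer_encodings(headers: List[Header]) -> List[str]:
    """Join every Transfer-Encoding field into one ordered coding list.

    Repeated fields combine as a comma-separated list, so a 'chunked' header
    followed by a 'gzip' header yields ['chunked', 'gzip'].
    """
    codings: List[str] = []
    for name, value in headers:
        if name.lower() == "transfer-encoding":
            codings.extend(c.strip().lower() for c in value.split(",") if c.strip())
    return codings


def lenient_framing(headers: List[Header]) -> str:
    """Model of the behaviour in the advisory: any 'chunked' coding wins."""
    return "chunked" if "chunked" in transfer_encodings(headers) else "content-length"


def strict_framing(headers: List[Header]) -> str:
    """RFC 9112 section 6 framing decision: 'chunked', 'content-length' or 'reject'.

    'reject' means respond 400 Bad Request and close the connection, because the
    message body length cannot be determined unambiguously.
    """
    codings = transfer_encodings(headers)
    has_content_length = any(n.lower() == "content-length" for n, _ in headers)
    if not codings:
        return "content-length"
    if has_content_length:
        return "reject"          # TE and Content-Length together are ambiguous
    if codings[-1] != "chunked":
        return "reject"          # chunked must be the final transfer coding
    return "chunked"
```

Comparing the two functions on `CONFLICTING_TE` shows the disagreement a smuggling attack relies on: the lenient model frames the body as chunked, while the strict rule rejects the request outright.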

Product Status

Versions | Affected | Unaffected
Cortex XDR Broker VM | < 25.105.6 | >= 25.105.6

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.6 / CVSS-B: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CAPEC-105 HTTP Request Splitting

Solution

This issue is fixed in Broker VM 25.105.6 and all later versions of Broker VM. If you have enabled automatic upgrades for Broker VM, no action is needed. We recommend enabling automatic upgrades for Broker VM to ensure you always have the latest security patches installed.

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Yadhu Krishna M for discovering and reporting this issue to Gunicorn. Palo Alto Networks thanks Bartosz Chałek and Piotr Kozowicz of CERT Team of ING Bank Slaski for reporting to us that our product is vulnerable to this issue.