Vulnerability-Lookup

CVE-2020-11077 (GCVE-0-2020-11077)

Vulnerability from cvelistv5 – Published: 2020-05-22 14:55 – Updated: 2024-08-04 11:21

Title

HTTP Smuggling via Transfer-Encoding Header in Puma

Summary

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/puma/puma/blob/master/History.…	x_refsource_MISC
	https://github.com/puma/puma/security/advisories/…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	puma	puma	Affected: < 3.12.6 Affected: >= 4.0.0, < 4.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
          },
          {
            "name": "openSUSE-SU-2020:0990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
          },
          {
            "name": "openSUSE-SU-2020:1001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
          },
          {
            "name": "FEDORA-2020-fe354f24e8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
          },
          {
            "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T12:06:27.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
        },
        {
          "name": "openSUSE-SU-2020:0990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
        },
        {
          "name": "openSUSE-SU-2020:1001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
        },
        {
          "name": "FEDORA-2020-fe354f24e8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
        },
        {
          "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
        }
      ],
      "source": {
        "advisory": "GHSA-w64w-qqph-5gxm",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Smuggling via Transfer-Encoding Header in Puma",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11077",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "puma",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.12.6"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
            },
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
            },
            {
              "name": "openSUSE-SU-2020:0990",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
            },
            {
              "name": "openSUSE-SU-2020:1001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
            },
            {
              "name": "FEDORA-2020-fe354f24e8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
            },
            {
              "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-w64w-qqph-5gxm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11077",
    "datePublished": "2020-05-22T14:55:13.000Z",
    "dateReserved": "2020-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:21:14.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2020-11077

Vulnerability from fkie_nvd - Published: 2020-05-22 15:15 - Updated: 2024-11-21 04:56

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html	Mailing List, Third Party Advisory
security-advisories@github.com	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html	Mailing List, Third Party Advisory
security-advisories@github.com	https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22	Release Notes
security-advisories@github.com	https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm	Vendor Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html	Mailing List, Third Party Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/

Impacted products

Vendor	Product	Version
puma	puma	*
puma	puma	*
fedoraproject	fedora	33
debian	debian_linux	9.0
opensuse	leap	15.1
opensuse	leap	15.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "94D6645C-59B2-466F-A147-B23EF284DEBA",
              "versionEndExcluding": "3.12.6",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "916E4164-0951-4145-85D6-684EF781F13A",
              "versionEndExcluding": "4.3.5",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
    },
    {
      "lang": "es",
      "value": "En Puma (RubyGem) versiones anteriores a 4.3.5 y 3.12.6, un cliente podr\u00eda hacer pasar sin autorizaci\u00f3n una petici\u00f3n por medio de un proxy, causando que el proxy env\u00ede una respuesta a otro cliente desconocido. Si el proxy usa conexiones persistentes y el cliente agrega otra petici\u00f3n por medio de la canalizaci\u00f3n HTTP, el proxy puede confundirlo como el cuerpo de la primera petici\u00f3n. Sin embargo, Puma lo ver\u00eda como dos peticiones y, al procesar la segunda petici\u00f3n, devolver\u00eda una respuesta que el proxy no espera. Si el proxy ha reutilizado la conexi\u00f3n persistente a Puma para enviar otra petici\u00f3n para un cliente diferente, la segunda respuesta desde el primer cliente ser\u00e1 enviada al segundo cliente. Esta es una vulnerabilidad similar pero diferente de CVE-2020-11076. El problema se ha corregido en Puma versi\u00f3n 3.12.6 y Puma versi\u00f3n 4.3.5."
    }
  ],
  "id": "CVE-2020-11077",
  "lastModified": "2024-11-21T04:56:44.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-22T15:15:11.507",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-31667

Vulnerability from cnvd - Published: 2020-06-04

Title

Puma环境错误漏洞

Description

Puma是美国Evan Phoenix软件开发者的一款针对高并发应用的Web服务器。 Puma存在环境错误漏洞。攻击者可利用该漏洞实施HTTP走私攻击。

Severity

中

Patch Name

Puma环境错误漏洞的补丁

Patch Description

Puma是美国Evan Phoenix软件开发者的一款针对高并发应用的Web服务器。 Puma存在环境错误漏洞。攻击者可利用该漏洞实施HTTP走私攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11077

Impacted products

Name
['Puma Puma (RubyGem) <4.3.5', 'Puma Puma (RubyGem) <3.12.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11077"
    }
  },
  "description": "Puma\u662f\u7f8e\u56fdEvan Phoenix\u8f6f\u4ef6\u5f00\u53d1\u8005\u7684\u4e00\u6b3e\u9488\u5bf9\u9ad8\u5e76\u53d1\u5e94\u7528\u7684Web\u670d\u52a1\u5668\u3002\n\nPuma\u5b58\u5728\u73af\u5883\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdHTTP\u8d70\u79c1\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31667",
  "openTime": "2020-06-04",
  "patchDescription": "Puma\u662f\u7f8e\u56fdEvan Phoenix\u8f6f\u4ef6\u5f00\u53d1\u8005\u7684\u4e00\u6b3e\u9488\u5bf9\u9ad8\u5e76\u53d1\u5e94\u7528\u7684Web\u670d\u52a1\u5668\u3002\r\n\r\nPuma\u5b58\u5728\u73af\u5883\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdHTTP\u8d70\u79c1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Puma\u73af\u5883\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Puma Puma (RubyGem) \u003c4.3.5",
      "Puma Puma (RubyGem) \u003c3.12.6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11077",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-25",
  "title": "Puma\u73af\u5883\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2020-11077

Vulnerability from gsd - Updated: 2020-05-22 00:00

Details

### Impact This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. ### Patches The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

Aliases

CVE-2020-11077

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11077",
    "description": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.",
    "id": "GSD-2020-11077",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-11077.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "puma",
            "purl": "pkg:gem/puma"
          }
        }
      ],
      "aliases": [
        "CVE-2020-11077",
        "GHSA-w64w-qqph-5gxm"
      ],
      "details": "### Impact\n\nThis is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.\n\nA client could smuggle a request through a proxy, causing the proxy to send a response\nback to another unknown client.\n\nIf the proxy uses persistent connections and the client adds another request in via HTTP\npipelining, the proxy may mistake it as the first request\u0027s body. Puma, however,\nwould see it as two requests, and when processing the second request, send back\na response that the proxy does not expect. If the proxy has reused the persistent\nconnection to Puma to send another request for a different client, the second response\nfrom the first client will be sent to the second client.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.6 and Puma 4.3.5.",
      "id": "GSD-2020-11077",
      "modified": "2020-05-22T00:00:00.000Z",
      "published": "2020-05-22T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.8,
          "type": "CVSS_V3"
        }
      ],
      "summary": "HTTP Smuggling via Transfer-Encoding Header in Puma"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11077",
        "STATE": "PUBLIC",
        "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "puma",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 3.12.6"
                        },
                        {
                          "version_value": "\u003e= 4.0.0, \u003c 4.3.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "puma"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",
            "refsource": "MISC",
            "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
          },
          {
            "name": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",
            "refsource": "CONFIRM",
            "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
          },
          {
            "name": "openSUSE-SU-2020:0990",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
          },
          {
            "name": "openSUSE-SU-2020:1001",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
          },
          {
            "name": "FEDORA-2020-fe354f24e8",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
          },
          {
            "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-w64w-qqph-5gxm",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2020-11077",
      "cvss_v3": 6.8,
      "date": "2020-05-22",
      "description": "### Impact\n\nThis is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.\n\nA client could smuggle a request through a proxy, causing the proxy to send a response\nback to another unknown client.\n\nIf the proxy uses persistent connections and the client adds another request in via HTTP\npipelining, the proxy may mistake it as the first request\u0027s body. Puma, however,\nwould see it as two requests, and when processing the second request, send back\na response that the proxy does not expect. If the proxy has reused the persistent\nconnection to Puma to send another request for a different client, the second response\nfrom the first client will be sent to the second client.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.6 and Puma 4.3.5.",
      "gem": "puma",
      "ghsa": "w64w-qqph-5gxm",
      "patched_versions": [
        "~\u003e 3.12.6",
        "\u003e= 4.3.5"
      ],
      "title": "HTTP Smuggling via Transfer-Encoding Header in Puma",
      "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.0.0 \u003c3.12.6||\u003e=4.0.0 \u003c4.3.5",
          "affected_versions": "All versions starting from 3.0.0 before 3.12.6, all versions starting from 4.0.0 before 4.3.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-444",
            "CWE-937"
          ],
          "date": "2020-10-07",
          "description": "In GitLab Puma (RubyGem), a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.",
          "fixed_versions": [
            "4.3.5.gitlab.3"
          ],
          "identifier": "CVE-2020-11077",
          "identifiers": [
            "CVE-2020-11077",
            "GHSA-w64w-qqph-5gxm"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.12.6 before 4.0.0, all versions starting from 4.3.5",
          "package_slug": "gem/gitlab-puma",
          "pubdate": "2020-05-22",
          "solution": "Upgrade to version 4.3.5.gitlab.3 or above.",
          "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-11077"
          ],
          "uuid": "d98a909b-7ccd-4086-b7ab-54829322f8ee"
        },
        {
          "affected_range": "\u003e=3.0.0 \u003c3.12.6||\u003e=4.0.0 \u003c4.3.5",
          "affected_versions": "All versions starting from 3.0.0 before 3.12.6, all versions starting from 4.0.0 before 4.3.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-444",
            "CWE-937"
          ],
          "date": "2020-10-07",
          "description": " In Puma (RubyGem), a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.",
          "fixed_versions": [
            "3.12.6",
            "4.3.5"
          ],
          "identifier": "CVE-2020-11077",
          "identifiers": [
            "CVE-2020-11077",
            "GHSA-w64w-qqph-5gxm"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.12.6 before 4.0.0, all versions starting from 4.3.5",
          "package_slug": "gem/puma",
          "pubdate": "2020-05-22",
          "solution": "Upgrade to versions 3.12.6, 4.3.5 or above.",
          "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-11077"
          ],
          "uuid": "1cd16c54-101c-455b-9267-b5e2904acc67"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.5",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.12.6",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11077"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
            },
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
            },
            {
              "name": "openSUSE-SU-2020:0990",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
            },
            {
              "name": "openSUSE-SU-2020:1001",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
            },
            {
              "name": "FEDORA-2020-fe354f24e8",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
            },
            {
              "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-03-03T14:41Z",
      "publishedDate": "2020-05-22T15:15Z"
    }
  }
}

GHSA-W64W-QQPH-5GXM

Vulnerability from github – Published: 2020-05-22 14:55 – Updated: 2023-05-16 15:55

Summary

HTTP Smuggling via Transfer-Encoding Header in Puma

Details

Impact

This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.

A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.

If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.

Patches

The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

For more information

If you have any questions or comments about this advisory:

Open an issue in Puma
See our security policy

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-22T14:46:33Z",
    "nvd_published_at": "2020-05-22T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThis is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.\n\nA client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. \n\nIf the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.6 and Puma 4.3.5.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)",
  "id": "GHSA-w64w-qqph-5gxm",
  "modified": "2023-05-16T15:55:12Z",
  "published": "2020-05-22T14:55:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11077"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/puma/puma"
    },
    {
      "type": "WEB",
      "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11077.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HTTP Smuggling via Transfer-Encoding Header in Puma"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11077 (GCVE-0-2020-11077)

FKIE_CVE-2020-11077

CNVD-2020-31667

GSD-2020-11077

GHSA-W64W-QQPH-5GXM

Impact

Patches

For more information

Tags

Sightings

Nomenclature