CVE-2020-5247

 

Published at: - 28-02-2020 06:15

Last modified: - 12-10-2022 03:35

Total changes: - 3

Description

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

 

Verification logic

 

Reference

• https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
• https://owasp.org/www-community/attacks/HTTP_Response_Splitting
• https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254
• FEDORA-2020-a3f26a9387-Mailing List, Third Party Advisory
• FEDORA-2020-fd87f90634-Mailing List, Patch, Third Party Advisory
• FEDORA-2020-08092b4c97-Mailing List, Third Party Advisory
• [debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2020-5247

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures