CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 84.1%

In Puma (RubyGem) before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or \r, \n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting.
While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS).
This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server.
This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
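
The kind of check described above, as an added Ruby example (not Puma's own code): a serializer that writes header values verbatim next to one that rejects any name or value containing CR or LF. All method and constant names are hypothetical, and the sample header value is constructed.

```ruby
# Added illustration; not taken from Puma. All names here are hypothetical.
CRLF_PATTERN = /[\r\n]/.freeze

class HeaderInjectionError < StandardError; end

# Naive serializer: writes names and values verbatim, so a CR/LF inside a
# value terminates the header line early.
def serialize_headers_unsafe(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join + "\r\n"
end

# Hardened serializer: refuses any header whose name or value contains a
# line ending, then serializes as before.
def serialize_headers_safe(headers)
  headers.each do |name, value|
    if name.to_s.match?(CRLF_PATTERN) || value.to_s.match?(CRLF_PATTERN)
      raise HeaderInjectionError, "line ending in header #{name.to_s.inspect}"
    end
  end
  serialize_headers_unsafe(headers)
end

# Header field names as a client would parse them from the serialized block.
def parsed_header_names(raw)
  head = raw.split("\r\n\r\n", 2).first
  head.split("\r\n").map { |line| line.split(":", 2).first }
end

# Constructed sample: a value as it might arrive from a request parameter.
UNTRUSTED = "en\r\nSet-Cookie: session=constructed"
SAMPLE = { "Content-Type" => "text/plain", "Content-Language" => UNTRUSTED }
CLEAN  = { "Content-Type" => "text/plain", "Content-Language" => "en" }

if __FILE__ == $PROGRAM_NAME
  # The application set two headers, but the client sees three.
  p parsed_header_names(serialize_headers_unsafe(SAMPLE))
  begin
    serialize_headers_safe(SAMPLE)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```

Rejecting on either character alone matters, since some clients and intermediaries treat a bare LF as a line terminator.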
github.com/advisories/GHSA-84j7-475p-hp8v
github.com/puma/puma/commit/c36491756f68a9d6a8b3a49e7e5eb07fe6f1332f
github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-5247.yml
lists.debian.org/debian-lts-announce/2022/05/msg00034.html
lists.fedoraproject.org/archives/list/[email protected]/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/
lists.fedoraproject.org/archives/list/[email protected]/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/
lists.fedoraproject.org/archives/list/[email protected]/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/
nvd.nist.gov/vuln/detail/CVE-2020-5247
owasp.org/www-community/attacks/HTTP_Response_Splitting
www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254