Lucene search
Redhat.comRH:CVE-2017-17742HistoryMar 29, 2018 - 9:19 a.m.
CVE-2017-17742
2018-03-2909:19:31
redhat.com
access.redhat.com
21
EPSS
0.007
Percentile
80.1%
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server’s headers, could force WEBrick into injecting additional headers to a client.
Mitigation
The server can manually sanitize possibly untrusted headers prior to inserting them in the reply.
Related
ubuntucve
ubuntucve
CVE-2017-17742
2018-04-03 00:00:00
CVE-2019-16254
2019-11-20 00:00:00
osv
osv
CVE-2017-17742
2018-04-03 22:29:00
CVE-2019-16254
2019-11-26 18:15:15
jruby - security update
2019-12-10 00:00:00
veracode
veracode
HTTP Response Splitting
2019-01-15 09:27:07
prion
prion
Design/Logic Flaw
2018-04-03 22:29:00
Input validation
2019-11-26 18:15:00
cvelist
cvelist
CVE-2017-17742
2018-04-03 00:00:00
CVE-2019-16254
2019-11-26 00:00:00
rubygems
rubygems
HTTP response splitting in WEBrick
2018-03-27 21:00:00
HTTP response splitting in WEBrick (Additional fix)
2019-09-30 21:00:00
nvd
nvd
CVE-2017-17742
2018-04-03 22:29:00
CVE-2019-16254
2019-11-26 18:15:15
cve
cve
CVE-2017-17742
2018-04-03 22:29:00
CVE-2019-16254
2019-11-26 18:15:15
hackerone
hackerone
Ruby: Response splitting vulnerability in WEBrick
2016-07-25 20:33:08
Ruby: HTTP header can split /[\r\n]/ instead of /\r\n/
2018-04-02 14:50:38
alpinelinux
alpinelinux
CVE-2017-17742
2018-04-03 22:29:00
CVE-2019-16254
2019-11-26 18:15:15
debiancve
debiancve
CVE-2017-17742
2018-04-03 22:29:00
CVE-2019-16254
2019-11-26 18:15:15
redhatcve
redhatcve
CVE-2019-16254
2020-01-09 19:38:59
redhat
redhat
(RHSA-2020:1963) Moderate: ruby security update
2020-04-29 09:03:52
(RHSA-2020:2288) Moderate: ruby security update
2020-05-26 08:52:58
(RHSA-2020:2212) Moderate: ruby security update
2020-05-19 13:16:01
nessus
nessus
RHEL 7 : ruby (RHSA-2020:2212)
2020-05-20 00:00:00
RHEL 7 : ruby (RHSA-2020:1963)
2020-04-29 00:00:00
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1130)
2020-02-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1130)
2020-02-24 00:00:00
Debian: Security Advisory (DLA-2027-1)
2019-12-11 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1031)
2020-01-23 00:00:00
debian
debian
[SECURITY] [DLA 2027-1] jruby security update
2019-12-10 12:43:11
[SECURITY] [DLA 2007-1] ruby2.1 security update
2019-11-25 21:24:29
[SECURITY] [DLA 1359-1] ruby1.8 security update
2018-04-23 09:51:58
archlinux
archlinux
[ASA-201910-2] ruby: multiple issues
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: ruby-2.5.1-92.fc28
2018-04-15 02:45:12
[SECURITY] Fedora 26 Update: ruby-2.4.4-88.fc26
2018-05-29 11:09:55
[SECURITY] Fedora 27 Update: ruby-2.4.4-89.fc27
2018-06-06 12:59:35
f5
f5
K80173446 : Multiple Ruby vulnerabilities
2018-05-08 00:00:00
slackware
slackware
[slackware-security] ruby
2018-03-29 22:43:54
amazon
amazon
Important: ruby
2024-02-29 10:03:00
Important: ruby24
2020-08-26 23:09:00
Medium: ruby
2019-08-23 03:41:00
freebsd
freebsd
ruby -- multiple vulnerabilities
2018-03-28 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2018-10-26 21:47:14
Updated jruby packages fix security vulnerabilities
2020-11-27 23:14:57
ubuntu
ubuntu
Ruby vulnerabilities
2018-06-13 00:00:00
Ruby regression
2021-03-25 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2019-08-30 04:17:17
oraclelinux
oraclelinux
ruby security update
2019-08-13 00:00:00
suse
suse
Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)
2019-07-21 00:00:00
apple
apple
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34