Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20241001-03
HistoryOct 01, 2024 - 12:00 a.m.

ROS-20241001-03

2024-10-0100:00:00
redos.red-soft.ru
1

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

JSON

An HTTP server vulnerability for Ruby/Rack application Puma is related to a flaw in HTTP request handling.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
using a specially crafted HTTP request (HTTP Request Smuggling attack)

The HTTP server vulnerability for Ruby/Rack applications of Puma is related to obfuscation of values set by intermediate proxy servers.
intermediate proxies (such as X-Forwarded-For) by providing an underscored version of the same header (X-Forwarded-For).
same header (X-Forwarded_For). Exploitation of the vulnerability could allow an attacker acting
remotely, to impact the confidentiality, integrity, and availability of the

The HTTP server vulnerability for Puma’s Ruby/Rack application is related to the disclosure of confidential information
to an unauthorized person. Exploitation of the vulnerability could allow an attacker acting remotely,
gain access to confidential information

HTTP server vulnerability for Ruby/Rack applications Puma is related to flaws in processing HTTP requests,
containing the Content-Length header. Exploitation of the vulnerability could allow an attacker acting remotely to send a covert HTTP request.
remotely send a hidden HTTP request (HTTP Request Smuggling attack)

HTTP server vulnerability for Ruby/Rack applications Puma is related to the lack of checking incoming HTTP requests for compliance with the RF standard.
HTTP request for compliance with RFC7230 standard. Exploitation of the vulnerability could allow an attacker,
acting remotely, to affect the confidentiality, integrity and availability of the Puma application.

The HTTP server vulnerability for Ruby/Rack application Puma is related to a proxy server sending a response back
to another unknown client. Exploitation of the vulnerability could allow an attacker acting remotely,
gain access to confidential information

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64rubygem-puma< 5.6.9-1UNKNOWN

Related

nessus 20
debian 3
osv 33
openvas 16
ubuntu 3
gentoo 1
fedora 3
suse 2
cgr 1
cvelist 6
redhatcve 6
prion 5
debiancve 6
nvd 6
veracode 5
wolfi 2
ubuntucve 5
cve 6
rubygems 6
github 6
cnvd 1
vulnrichment 1
githubexploit 1
redhat 5
ibm 2
rocky 1
nessus
nessus
Debian DSA-5146-1 : puma - security update
2022-05-24 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
2024-03-07 00:00:00
Fedora 40 : rubygem-puma (2024-c393b8b2fb)
2024-04-29 00:00:00
debian
debian
[SECURITY] [DSA 5146-1] puma security update
2022-05-24 17:49:53
[SECURITY] [DLA 3083-1] puma security update
2022-08-27 19:07:44
[SECURITY] [DLA 3023-1] puma security update
2022-05-25 22:50:13
osv
osv
puma - security update
2022-05-24 00:00:00
puma vulnerabilities
2024-03-07 14:00:06
puma - security update
2022-08-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5146-1)
2022-05-25 00:00:00
Ubuntu: Security Advisory (USN-6682-1)
2024-03-08 00:00:00
Debian: Security Advisory (DLA-3083-1)
2022-08-28 00:00:00
ubuntu
ubuntu
Puma vulnerabilities
2024-03-07 00:00:00
Puma vulnerability
2024-01-25 00:00:00
Puma vulnerability
2023-09-27 00:00:00
gentoo
gentoo
Puma: Multiple Vulnerabilities
2022-08-14 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: rubygem-puma-5.6.5-1.fc37
2022-09-12 17:53:51
[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35
2022-09-07 09:56:59
[SECURITY] Fedora 36 Update: rubygem-puma-5.5.2-3.fc36
2022-09-07 10:44:36
suse
suse
Security update for rubygem-puma (important)
2022-05-04 00:00:00
Security update for rubygem-puma (important)
2022-10-13 00:00:00
cgr
cgr
CVE-2024-21647 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2024-21647 HTTP Request/Response Smuggling in puma
2024-01-08 13:45:27
CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma
2023-08-18 21:35:47
CVE-2021-41136 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
2021-10-12 15:30:11
redhatcve
redhatcve
CVE-2023-40175
2023-08-22 17:50:39
CVE-2022-23634
2022-02-14 13:37:49
CVE-2024-45614
2024-09-20 04:43:43
prion
prion
Design/Logic Flaw
2024-01-08 14:15:00
Design/Logic Flaw
2023-08-18 22:15:00
Cross site request forgery (csrf)
2021-10-12 16:15:00
debiancve
debiancve
CVE-2024-21647
2024-01-08 14:15:47
CVE-2021-41136
2021-10-12 16:15:07
CVE-2022-23634
2022-02-11 22:15:07
nvd
nvd
CVE-2024-21647
2024-01-08 14:15:47
CVE-2021-41136
2021-10-12 16:15:07
CVE-2022-23634
2022-02-11 22:15:07
veracode
veracode
HTTP Request Smuggling
2021-10-13 05:54:04
HTTP Request Smuggling
2023-08-22 14:17:09
HTTP Request Smuggling
2024-01-09 07:22:47
wolfi
wolfi
CVE-2024-45614 vulnerabilities
2024-10-01 21:13:23
CVE-2024-21647 vulnerabilities
2024-10-01 21:13:23
ubuntucve
ubuntucve
CVE-2022-23634
2022-02-11 00:00:00
CVE-2023-40175
2023-08-18 00:00:00
CVE-2021-41136
2021-10-12 00:00:00
cve
cve
CVE-2022-23634
2022-02-11 22:15:07
CVE-2024-45614
2024-09-19 23:15:11
CVE-2021-41136
2021-10-12 16:15:07
rubygems
rubygems
Puma's header normalization allows for client to clobber proxy set headers
2024-09-19 21:00:00
Puma HTTP Request/Response Smuggling vulnerability
2024-01-07 21:00:00
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
2021-10-11 21:00:00
github
github
Puma's header normalization allows for client to clobber proxy set headers
2024-09-20 14:40:16
Puma HTTP Request/Response Smuggling vulnerability
2023-08-18 21:50:05
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
2021-10-12 17:53:00
cnvd
cnvd
Puma Information Breach Vulnerability
2022-02-15 00:00:00
vulnrichment
vulnrichment
CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma
2024-09-19 22:42:33
githubexploit
githubexploit
Exploit for Authorization Bypass Through User-Controlled Key in Puma
2024-09-28 06:29:00
redhat
redhat
(RHSA-2022:8532) Important: Satellite 6.9.10 Async Security Update
2022-11-17 17:13:35
(RHSA-2023:1486) Important: Red Hat Gluster Storage web-admin-build security update
2023-03-28 00:06:18
(RHSA-2024:0797) Important: Satellite 6.14.2 Async Security Update
2024-02-13 14:38:17
ibm
ibm
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.
2024-03-15 13:50:03
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:20:21
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

JSON
Related for ROS-20241001-03
nessus20debian3osv33openvas16ubuntu3gentoo1fedora3suse2cgr1cvelist6redhatcve6prion5debiancve6nvd6veracode5wolfi2ubuntucve5cve6rubygems6github6cnvd1vulnrichment1githubexploit1redhat5ibm2rocky1