CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: Low

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a specially crafted HTTP request (HTTP Request Smuggling attack).

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to obfuscation of values set by intermediate proxies (such as X-Forwarded-For) by providing an underscored version of the same header (X-Forwarded_For). Exploitation of the vulnerability could allow a remote attacker to impact the confidentiality, integrity, and availability of the

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to the disclosure of confidential information to an unauthorized person. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information.

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to flaws in processing HTTP requests containing the Content-Length header. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP Request Smuggling attack).

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to the lack of checking incoming HTTP requests for compliance with the RFC 7230 standard. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of the Puma application.

A vulnerability in Puma, an HTTP server for Ruby/Rack applications, is related to a proxy server sending a response back to another unknown client. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | rubygem-puma | < 5.6.9-1 | UNKNOWN |
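
The header collision described above (X-Forwarded-For versus X-Forwarded_For) follows from the CGI/Rack convention of turning header names into environment keys. The Ruby sketch below is an added example, not code from Puma or from this advisory; the function names and the sample request are constructed, and it shows a check that a proxy-side filter or a log audit could apply to raw request headers.

```ruby
# Added example. All names and sample data are constructed for illustration.

# CGI/Rack convention: a request header becomes an env key by upcasing it,
# replacing "-" with "_" and prefixing "HTTP_". (Content-Type and
# Content-Length, which CGI maps without the prefix, are not handled here.)
def rack_env_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

# Group raw [name, value] pairs by env key and return only the keys that are
# reached by more than one distinct spelling of the header name.
def colliding_headers(raw_headers)
  groups = Hash.new { |h, k| h[k] = [] }
  raw_headers.each { |name, value| groups[rack_env_key(name)] << [name, value] }
  groups.select { |_key, pairs| pairs.map { |n, _| n.downcase }.uniq.size > 1 }
end

# Hypothetical mitigation: drop a header whose name contains "_" when a
# spelling without underscores maps to the same env key, so the value set by
# the intermediate proxy is the only one left.
def drop_underscore_variants(raw_headers)
  trusted_keys = raw_headers.map(&:first)
                            .reject { |n| n.include?("_") }
                            .map { |n| rack_env_key(n) }
  raw_headers.reject do |name, _value|
    name.include?("_") && trusted_keys.include?(rack_env_key(name))
  end
end

# Constructed sample request: the proxy sets X-Forwarded-For, the client
# adds the underscored spelling named in the advisory.
SAMPLE_REQUEST = [
  ["Host", "app.example.test"],
  ["X-Forwarded-For", "203.0.113.7"],
  ["X-Forwarded_For", "127.0.0.1"],
  ["Accept", "*/*"]
].freeze

if __FILE__ == $PROGRAM_NAME
  colliding_headers(SAMPLE_REQUEST).each do |key, pairs|
    puts "#{key} is set by: #{pairs.map(&:first).join(', ')}"
  end
  puts "kept: #{drop_underscore_variants(SAMPLE_REQUEST).map(&:first).join(', ')}"
end
```

A header repeated with the same spelling is not reported, since only differently spelled names that share one env key are ambiguous in this sense.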