Lucene search
Veracode Vulnerability DatabaseVERACODE:25486HistoryMay 26, 2020 - 5:32 a.m.
HTTP Request Smuggling
2020-05-2605:32:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.005 Low
EPSS
Percentile
77.4%
puma is vulnerable to HTTP request smuggling. By using an invalid Transfer-Encoding header, an attacker is able to smuggle an HTTP request to bypass access controls and obtain confidential information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| puma | le | 4.3.3 | |
| puma | le | 3.12.4 | |
| puma:buster | eq | 3.12.0-2+deb10u1 | |
| puma | le | 4.3.3 | |
| puma | le | 3.12.4 | |
| puma:buster | eq | 3.12.0-2+deb10u1 |
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
lists.debian.org/debian-lts-announce/2020/10/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
Related
redhatcve
redhatcve
CVE-2020-11076
2020-06-01 13:51:44
CVE-2020-11077
2020-06-01 13:51:44
debiancve
debiancve
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
cvelist
cvelist
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:50:12
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:13
osv
osv
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:05
CVE-2020-11076
2020-05-22 15:15:11
puma - security update
2020-10-07 00:00:00
prion
prion
Code injection
2020-05-22 15:15:00
Cross site request forgery (csrf)
2020-05-22 15:15:00
github
github
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:05
nvd
nvd
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
ubuntucve
ubuntucve
cve
cve
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
nessus
nessus
openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)
2020-07-20 00:00:00
Debian DLA-2398-1 : puma security update
2020-10-08 00:00:00
openSUSE Security Update : rubygem-puma (openSUSE-2020-990)
2020-07-20 00:00:00
debian
debian
[SECURITY] [DLA 2398-1] puma security update
2020-10-07 11:06:30
openvas
openvas
Debian: Security Advisory (DLA-2398-1)
2020-10-08 00:00:00
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)
2020-07-19 00:00:00
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:0990-1)
2020-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33
2020-09-25 17:18:05
suse
suse
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rmt-server (important)
2020-11-23 00:00:00
ubuntu
ubuntu
Puma vulnerabilities
2024-03-07 00:00:00