Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11077

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

Published

2020-05-22T15:15:11.507

Last Modified

2024-11-21T04:56:44.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-444
Type: Primary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	puma	puma	< 3.12.6	Yes
Application	puma	puma	< 4.3.5	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	opensuse	leap	15.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html Mailing List, Third Party Advisory ([email protected])
https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22 Release Notes ([email protected])
https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/ ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/ (af854a3a-2127-422b-91ae-364da2661108)