{"containers": {"cna": {"affected": [{"product": "puma", "vendor": "puma", "versions": [{"status": "affected", "version": "< 3.12.6"}, {"status": "affected", "version": ">= 4.0.0, < 4.3.5"}]}], "descriptions": [{"lang": "en", "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-07T12:06:27", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"}, {"name": "openSUSE-SU-2020:0990", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}], "source": {"advisory": "GHSA-w64w-qqph-5gxm", "discovery": "UNKNOWN"}, "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11077", "STATE": "PUBLIC", "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "puma", "version": {"version_data": [{"version_value": "< 3.12.6"}, {"version_value": ">= 4.0.0, < 4.3.5"}]}}]}, "vendor_name": "puma"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22", "refsource": "MISC", "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"name": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm", "refsource": "CONFIRM", "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"}, {"name": "openSUSE-SU-2020:0990", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}]}, "source": {"advisory": "GHSA-w64w-qqph-5gxm", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"}, {"name": "openSUSE-SU-2020:0990", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11077", "datePublished": "2020-05-22T14:55:13", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "94D6645C-59B2-466F-A147-B23EF284DEBA", "versionEndExcluding": "3.12.6", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "916E4164-0951-4145-85D6-684EF781F13A", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."}, {"lang": "es", "value": "En Puma (RubyGem) versiones anteriores a 4.3.5 y 3.12.6, un cliente podr\u00eda hacer pasar sin autorizaci\u00f3n una petici\u00f3n por medio de un proxy, causando que el proxy env\u00ede una respuesta a otro cliente desconocido. Si el proxy usa conexiones persistentes y el cliente agrega otra petici\u00f3n por medio de la canalizaci\u00f3n HTTP, el proxy puede confundirlo como el cuerpo de la primera petici\u00f3n. Sin embargo, Puma lo ver\u00eda como dos peticiones y, al procesar la segunda petici\u00f3n, devolver\u00eda una respuesta que el proxy no espera. Si el proxy ha reutilizado la conexi\u00f3n persistente a Puma para enviar otra petici\u00f3n para un cliente diferente, la segunda respuesta desde el primer cliente ser\u00e1 enviada al segundo cliente. Esta es una vulnerabilidad similar pero diferente de CVE-2020-11076. El problema se ha corregido en Puma versi\u00f3n 3.12.6 y Puma versi\u00f3n 4.3.5."}], "id": "CVE-2020-11077", "lastModified": "2023-11-07T03:14:29.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-05-22T15:15:11.507", "references": [{"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "rubygem-puma: HTTP Smuggling through a proxy via Transfer-Encoding Header", "id": "1842534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842534"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.", "A flaw was found in rubygem-puma. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-11077", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "impact": "low", "package_name": "rubygem-puma", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-puma", "product_name": "Red Hat Storage 3"}], "public_date": "2020-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11077\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11077\nhttps://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"], "statement": "Red Hat Gluster Storage 3 Web Administration component uses affected RubyGem Puma, which does not have the http body chunk verification.", "threat_severity": "Moderate", "upstream_fix": "rubygem-puma 4.3.5, rubygem-puma 3.12.6"}