CVE-2020-7671 - OpenCVE

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Goliath Project	Goliath

Configuration 1 [-]

cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*

No data.

References

Link	Providers
https://github.com/postrank-labs/goliath/issues/351%2C
https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-06-10T15:36:01

Updated: 2024-08-04T09:41:01.215Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7671

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-06-10T16:15:10.587

Modified: 2023-11-07T03:26:10.130

Link: CVE-2020-7671

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "goliath", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions including 1.0.6"}]}], "descriptions": [{"lang": "en", "value": "goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."}], "problemTypes": [{"descriptions": [{"description": "HTTP Request Smuggling", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-10T15:36:01", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/postrank-labs/goliath/issues/351%2C"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7671", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "goliath", "version": {"version_data": [{"version_value": "All versions including 1.0.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HTTP Request Smuggling"}]}]}, "references": {"reference_data": [{"name": "https://github.com/postrank-labs/goliath/issues/351,", "refsource": "MISC", "url": "https://github.com/postrank-labs/goliath/issues/351,"}, {"name": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.215Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/postrank-labs/goliath/issues/351%2C"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7671", "datePublished": "2020-06-10T15:36:01", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:41:01.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "079332CF-A488-425D-A4C7-3804B6EBE665", "versionEndIncluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."}, {"lang": "es", "value": "goliath versiones hasta 1.0.6, permite ataques de tr\u00e1fico no autorizado de peticiones en los que goliath se utiliza como backend y un proxy frontend tambi\u00e9n es vulnerable. Es posible llevar a cabo ataques de tr\u00e1fico no autorizado de peticiones HTTP mediante el env\u00edo del encabezado Content-Length dos veces. Adicionalmente, se encontr\u00f3 que los encabezados de Transfer Encoding no v\u00e1lidos se analizaron como v\u00e1lidos, lo que podr\u00eda ser aprovechado para los ataques de tr\u00e1fico no autorizado de TE:CL"}], "id": "CVE-2020-7671", "lastModified": "2023-11-07T03:26:10.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-10T16:15:10.587", "references": [{"source": "report@snyk.io", "url": "https://github.com/postrank-labs/goliath/issues/351%2C"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}