{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-47220", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-25T14:15:45.642637", "dateReserved": "2024-09-22T00:00:00", "datePublished": "2024-09-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-25T14:15:45.642637"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ruby/webrick/issues/145"}, {"url": "https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841"}, {"url": "https://github.com/ruby/webrick/issues/145#issuecomment-2369994610"}, {"url": "https://github.com/ruby/webrick/issues/145#issuecomment-2372838285"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-444", "lang": "en", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "affected": [{"vendor": "ruby", "product": "webrick", "cpes": ["cpe:2.3:a:ruby:webrick:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T15:01:28.031073Z", "id": "CVE-2024-47220", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T15:07:55.964Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-47220", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-23T15:01:28.031073Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ruby:webrick:*:*:*:*:*:*:*:*"], "vendor": "ruby", "product": "webrick", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.8.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T15:07:20.012Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/ruby/webrick/issues/145"}, {"url": "https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841"}, {"url": "https://github.com/ruby/webrick/issues/145#issuecomment-2369994610"}, {"url": "https://github.com/ruby/webrick/issues/145#issuecomment-2372838285"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-25T14:15:45.642637"}}}, "cveMetadata": {"cveId": "CVE-2024-47220", "state": "PUBLISHED", "dateUpdated": "2024-09-25T14:15:45.642637", "dateReserved": "2024-09-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-09-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\""}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el kit de herramientas WEBrick a trav\u00e9s de la versi\u00f3n 1.8.1 para Ruby. Permite el contrabando de solicitudes HTTP al proporcionar un encabezado Content-Length y un encabezado Transfer-Encoding, por ejemplo, \"GET /admin HTTP/1.1\\r\\n\" dentro de una solicitud \"POST /user HTTP/1.1\\r\\n\". NOTA: la posici\u00f3n del proveedor es \"Webrick no debe usarse en producci\u00f3n\"."}], "id": "CVE-2024-47220", "lastModified": "2024-09-26T13:32:55.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-22T01:15:11.950", "references": [{"source": "cve@mitre.org", "url": "https://github.com/ruby/webrick/issues/145"}, {"source": "cve@mitre.org", "url": "https://github.com/ruby/webrick/issues/145#issuecomment-2369994610"}, {"source": "cve@mitre.org", "url": "https://github.com/ruby/webrick/issues/145#issuecomment-2372838285"}, {"source": "cve@mitre.org", "url": "https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "WEBrick: HTTP request smuggling", "id": "2314051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314051"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\"", "A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result, unauthorized users can access restricted areas like /admin by POST /user."], "mitigation": {"lang": "en:us", "value": "As a temporary workaround, avoid using WEBrick in production environments. If you must use it, ensure that your application is behind a reverse proxy that can handle request validation and filtering to mitigate the risk of HTTP request smuggling."}, "name": "CVE-2024-47220", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/fluentd-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-zync-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "rubygem-webrick", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-capsule:el8/rubygem-webrick", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite:el8/rubygem-webrick", "product_name": "Red Hat Satellite 6"}], "public_date": "2024-09-22T01:15:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47220\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47220\nhttps://github.com/ruby/webrick/issues/145\nhttps://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841"], "statement": "This CVE is rated as having Moderate impact because Webrick should not be used in production. It is only still maintained because there are other gems relying on it, most of which do so only for testing, and only because it is a pure ruby implementation and it was shipped with Ruby in the past.", "threat_severity": "Moderate"}