ROS-20241001-03

🗓️ 01 Oct 2024 00:00:00Reported by RedosType

HTTP server vulnerability in Puma's Ruby/Rack application related to HTTP request handling, proxy server obfuscation, and compliance with RFC7230 standard

Reporter	Title	Published	Views	Family All 305
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	16 Oct 202422:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)	25 Apr 202512:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.	15 Mar 202413:50	–	ibm
Tenable Nessus	Amazon Linux 2022 : rubygem-puma (ALAS2022-2022-051)	6 Sep 202200:00	–	nessus
Tenable Nessus	Debian DLA-3023-1 : puma - LTS security update	26 May 202200:00	–	nessus
Tenable Nessus	Debian dla-3083 : puma - security update	2 Sep 202200:00	–	nessus
Tenable Nessus	Debian dla-3947 : puma - security update	6 Nov 202400:00	–	nessus
Tenable Nessus	Debian DSA-5146-1 : puma - security update	24 May 202200:00	–	nessus
Tenable Nessus	Fedora 38 : rubygem-puma (2022-7bc0f14a13)	14 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 40 : rubygem-puma (2024-c393b8b2fb)	29 Apr 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
redos	7.3	x86_64	rubygem-puma	5.6.9-1	UNKNOWN

01 Oct 2024 00:00Current

7High risk

Vulners AI Score7

CVSS 25

CVSS 3.19.1 - 9.8

EPSS0.0246

SSVC