14 matches found
Ubuntu: Security Advisory (USN-6682-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6682-1: Puma vulnerabilities
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. CVE-2020-11076 It was discovered that Puma incorrectly handled parsing certain header...
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...
OESA-2021-1169 rubygem-puma security update
Security Fixes: In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.CVE-2020-11076 In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2398-1 : puma security update
Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076 By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. CVE-2020-11077 client could smuggle a request through a proxy, causing...
[SECURITY] [DLA 2398-1] puma security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2398-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 07, 2020 https://wiki.debian.org/LTS -...
SUSE-SU-2020:2060-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 jscSLE-6965: - Add CVE-2020-11077.patch bsc1172175, CVE-2020-11077 - Add CVE-2020-11076.patch bsc1172176, CVE-2020-11076 - Add CVE-2020-5247.patch bsc1165402 'Fixes a problem where we were not...
openSUSE Security Update : rubygem-puma (openSUSE-2020-990)
This update for rubygem-puma to version 4.3.5 fixes the following issues : - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:0990-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-11076
In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...
CVE-2020-11076
CVE-2020-11076 affects Puma (RubyGem). The issue allows an attacker to smuggle an HTTP response by using an invalid transfer-encoding header. Affected versions are Puma before 4.3.4 and 3.12.5; fixes are in Puma 4.3.4 and 3.12.5. Connected advisories and bulletins (Debian, openSUSE/openSUSE-2020-...
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma
In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...