Lucene search
K

14 matches found

OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-6682-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.9AI score0.03977EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/03/07 2:0 p.m.63 views

USN-6682-1: Puma vulnerabilities

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. CVE-2020-11076 It was discovered that Puma incorrectly handled parsing certain header...

9.8CVSS7.1AI score0.03977EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/07 12:0 a.m.46 views

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...

9.8CVSS7.1AI score0.03977EPSS
Exploits0References7
OSV
OSV
added 2021/05/06 11:2 a.m.4 views

OESA-2021-1169 rubygem-puma security update

Security Fixes: In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.CVE-2020-11076 In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request...

7.5CVSS7AI score0.03977EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
Tenable Nessus
Tenable Nessus
added 2020/10/08 12:0 a.m.43 views

Debian DLA-2398-1 : puma security update

Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076 By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. CVE-2020-11077 client could smuggle a request through a proxy, causing...

7.5CVSS6.9AI score0.03977EPSS
Exploits0References5
Debian
Debian
added 2020/10/07 11:6 a.m.70 views

[SECURITY] [DLA 2398-1] puma security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2398-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA October 07, 2020 https://wiki.debian.org/LTS -...

7.5CVSS7.5AI score0.03977EPSS
Exploits0
OSV
OSV
added 2020/07/28 3:54 p.m.7 views

SUSE-SU-2020:2060-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 jscSLE-6965: - Add CVE-2020-11077.patch bsc1172175, CVE-2020-11077 - Add CVE-2020-11076.patch bsc1172176, CVE-2020-11076 - Add CVE-2020-5247.patch bsc1165402 'Fixes a problem where we were not...

7.5CVSS7.6AI score0.03977EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2020/07/20 12:0 a.m.42 views

openSUSE Security Update : rubygem-puma (openSUSE-2020-990)

This update for rubygem-puma to version 4.3.5 fixes the following issues : - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...

7.5CVSS6.9AI score0.03977EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/07/19 12:0 a.m.25 views

openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.03977EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/19 12:0 a.m.27 views

openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:0990-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.03977EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/05/22 3:15 p.m.36 views

CVE-2020-11076

In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...

7.5CVSS6.7AI score0.03977EPSS
Exploits0References5
CVE
CVE
added 2020/05/22 2:50 p.m.260 views

CVE-2020-11076

CVE-2020-11076 affects Puma (RubyGem). The issue allows an attacker to smuggle an HTTP response by using an invalid transfer-encoding header. Affected versions are Puma before 4.3.4 and 3.12.5; fixes are in Puma 4.3.4 and 3.12.5. Connected advisories and bulletins (Debian, openSUSE/openSUSE-2020-...

7.5CVSS7AI score0.03977EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/05/22 2:50 p.m.50 views

CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma

In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...

7.5CVSS6.9AI score0.03977EPSS
Exploits0References7
Rows per page
Query Builder