Lucene search
+L

18 matches found

OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-6682-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.9AI score0.03977EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/03/07 2:0 p.m.63 views

USN-6682-1: Puma vulnerabilities

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. CVE-2020-11076 It was discovered that Puma incorrectly handled parsing certain header...

9.8CVSS7.1AI score0.03977EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/07 12:0 a.m.47 views

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...

9.8CVSS7.1AI score0.03977EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/11/17 12:0 a.m.35 views

RHEL 7 : Satellite 6.9.10 Async Security Update (Important) (RHSA-2022:8532)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8532 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...

9.1CVSS7AI score0.0214EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/10/14 12:0 a.m.41 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2022:3571-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3571-1 advisory. Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant bsc1197818. Tenable has...

9.1CVSS6.7AI score0.0214EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/09/08 12:0 a.m.32 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-52d0032596)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8CVSS6.8AI score0.02124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.37 views

Amazon Linux 2022 : rubygem-puma (ALAS2022-2022-051)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-051 advisory. A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starv...

9.1CVSS6.8AI score0.0214EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/08/28 12:0 a.m.30 views

Debian: Security Advisory (DLA-3083-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.1AI score0.0214EPSS
Exploits0References4
Debian
Debian
added 2022/08/27 7:7 p.m.57 views

[SECURITY] [DLA 3083-1] puma security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3083-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA August 28, 2022 https://wiki.debian.org/LTS -...

9.1CVSS7.2AI score0.0214EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/08/15 12:0 a.m.42 views

GLSA-202208-28 : Puma: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-28 Puma: Multiple Vulnerabilities - Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been...

9.1CVSS6.8AI score0.0214EPSS
Exploits0References9
Debian
Debian
added 2022/05/24 5:49 p.m.52 views

[SECURITY] [DSA 5146-1] puma security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2022 https://www.debian.org/security/faq -...

9.1CVSS6.8AI score0.0214EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/05/24 12:0 a.m.52 views

Debian DSA-5146-1 : puma - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5146 advisory. - Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain...

9.1CVSS6.9AI score0.0214EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2022/04/04 11:50 a.m.55 views

CVE-2022-24790

A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity...

9.1CVSS0.4AI score0.0214EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/03/30 9:50 p.m.66 views

CVE-2022-24790

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

9.1CVSS6.1AI score0.0214EPSS
Exploits0
OSV
OSV
added 2022/03/30 9:50 p.m.25 views

CVE-2022-24790 HTTP Request Smuggling in puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

9.1CVSS6.2AI score0.0214EPSS
Exploits0References10
Cvelist
Cvelist
added 2022/03/30 9:50 p.m.27 views

CVE-2022-24790 HTTP Request Smuggling in puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

9.1CVSS8.5AI score0.0214EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/03/30 9:50 p.m.6 views

CVE-2022-24790 HTTP Request Smuggling in puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

9.1CVSS9.2AI score0.0214EPSS
Exploits0References8
CVE
CVE
added 2022/03/30 9:50 p.m.310 views

CVE-2022-24790

CVE-2022-24790 affects Puma when deployed behind a proxy that doesn’t validate RFC7230-compliant requests. The mismatch between front-end proxy and Puma can allow HTTP Request Smuggling. The issue is fixed in Puma 5.6.4 and 4.3.12. Remediation is to upgrade to these versions or apply equivalent u...

9.1CVSS8.3AI score0.0214EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder