17 matches found
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2025:03467-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03467-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which...
[SECURITY] [DLA 3947-1] puma security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 06, 2024 https://wiki.debian.org/LTS -...
Debian dla-3947 : puma - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3947 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 [email protected]...
openSUSE Security Advisory (SUSE-SU-2024:3644-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2024:3644-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3644-1 advisory. - CVE-2024-45614: Prevent underscores from clobbering hyphen headers bsc1230848. - CVE-2024-21647: Fixed DoS when parsing chunked...
SUSE-SU-2024:3644-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2024-45614: Prevent underscores from clobbering hyphen headers bsc1230848. - CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies bsc1218638...
Fedora: Security Advisory (FEDORA-2024-c393b8b2fb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : rubygem-puma (2024-c393b8b2fb)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c393b8b2fb advisory. Automatic update for rubygem-puma-6.4.2-1.fc40. Changelog Tue Jan 9 2024 Vt Ondruch - 6.4.2-1 - Update to Puma 6.4.2. Resolves: rhbz2134670 Resolves...
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.
Summary Vulnerabilities in Puma and Amazon Ion were remediated in IBM Observability with Instana build 266. Vulnerability Details CVEID:CVE-2024-21647 DESCRIPTION: Puma is vulnerable to a denial of service, caused by incorrect behavior when parsing chunked transfer encoding bodies. By sending a...
Ubuntu: Security Advisory (USN-6682-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6682-1: Puma vulnerabilities
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. CVE-2020-11076 It was discovered that Puma incorrectly handled parsing certain header...
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...
Ubuntu 23.04 / 23.10 : Puma vulnerability (USN-6597-1)
The remote Ubuntu 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6597-1 advisory. It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to...
CVE-2024-21647 vulnerabilities
Vulnerabilities for packages: ruby3.2-puma...
CVE-2024-21647 vulnerabilities
Vulnerabilities for packages: ruby3.2-puma...
CVE-2024-21647 HTTP Request/Response Smuggling in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...
CVE-2024-21647
CVE-2024-21647 affects the Puma web server for Ruby/Rack. Prior to 6.4.2, Puma could mis-parse chunked Transfer-Encoding bodies, enabling HTTP request smuggling. The vulnerability can cause unbounded resource consumption (CPU, bandwidth), with an impact on availability. Fixed in versions 6.4.2 an...