Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-5247
HistoryFeb 28, 2020 - 12:00 a.m.

CVE-2020-5247

2020-02-2800:00:00
ubuntu.com
ubuntu.com
12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

85.9%

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using
Puma allows untrusted input in a response header, an attacker can use
newline characters (i.e. CR, LF or/r, /n) to end the header and
inject malicious content, such as additional headers or an entirely new
response body. This vulnerability is known as HTTP Response Splitting.
While not an attack in itself, response splitting is a vector for several
other attacks, such as cross-site scripting (XSS). This is related to
CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web
server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all
headers for line endings and rejecting headers with those characters.

Bugs

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

85.9%