7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.014 Low
EPSS
Percentile
85.9%
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using
Puma allows untrusted input in a response header, an attacker can use
newline characters (i.e. CR
, LF
or/r
, /n
) to end the header and
inject malicious content, such as additional headers or an entirely new
response body. This vulnerability is known as HTTP Response Splitting.
While not an attack in itself, response splitting is a vector for several
other attacks, such as cross-site scripting (XSS). This is related to
CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web
server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all
headers for line endings and rejecting headers with those characters.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5247
github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
launchpad.net/bugs/cve/CVE-2020-5247
nvd.nist.gov/vuln/detail/CVE-2020-5247
owasp.org/www-community/attacks/HTTP_Response_Splitting
security-tracker.debian.org/tracker/CVE-2020-5247
www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.014 Low
EPSS
Percentile
85.9%