Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42888
HistoryAug 22, 2023 - 2:17 p.m.

HTTP Request Smuggling

2023-08-2214:17:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
puma
vulnerability
http request smuggling
zero-length content-length
chunked transfer encoding

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.2%

puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length content-Length headers and chunked transfer encoding bodies in client.rb, allowing an attacker to smuggle HTTP requests.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.2%