
CVE-2021-41136

Published: 12/10/2021 Updated: 12/10/2022
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.7 | Impact Score: 2.5 | Exploitability Score: 1.2
VMScore: 320
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N

Vulnerability Summary

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` behind a proxy which forwards HTTP header values that contain the LF character could allow HTTP request smuggling. A client could smuggle a request through the proxy, causing the proxy to send a response back to another, unknown client. The only proxy which has this behavior, as far as the Puma team is aware, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request via HTTP pipelining, the proxy may mistake it for the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response to the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.
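The summary above turns on two peers disagreeing about whether a bare LF ends a header line, and therefore about where one request ends and the next begins. The following Ruby is an added example, not Puma's code and not taken from any of the advisories listed below: a strict HTTP/1.1 head parser that refuses any header line containing a bare CR or LF, and a pipelined-buffer splitter built on it, so that a request of the kind described cannot be framed in two different ways. The sample requests, the `example.test` host, and the Content-Length-only body framing are constructed assumptions for the example.

```ruby
# Added example (not Puma's code): strict request-head parsing that rejects
# bare CR/LF inside header lines, the input class behind CVE-2021-41136.

CRLF = "\r\n".freeze

class MalformedRequest < StandardError; end

# Parse one request head from +raw+ starting at +offset+.
# Only CRLF terminates a line; any CR or LF left inside a line after splitting
# on CRLF is a bare one and the request is rejected.
# Returns [method, path, headers, body_offset].
def parse_head_strict(raw, offset = 0)
  head_end = raw.index(CRLF + CRLF, offset)
  raise MalformedRequest, "missing end of headers" unless head_end

  lines = raw[offset...head_end].split(CRLF, -1)
  request_line = lines.shift.to_s
  meth, path, version = request_line.split(" ", 3)
  unless version.to_s.match?(%r{\AHTTP/1\.[01]\z}) && !meth.to_s.empty? && !path.to_s.empty?
    raise MalformedRequest, "bad request line: #{request_line.inspect}"
  end

  headers = {}
  lines.each do |line|
    if line.include?("\n") || line.include?("\r")
      raise MalformedRequest, "bare CR/LF inside header line: #{line.inspect}"
    end
    name, sep, value = line.partition(":")
    if sep.empty? || name.strip.empty?
      raise MalformedRequest, "bad header line: #{line.inspect}"
    end
    headers[name.strip.downcase] = value.strip
  end

  [meth, path, headers, head_end + CRLF.length * 2]
end

# Split a pipelined buffer into requests, framing bodies by Content-Length only.
# Transfer-Encoding is out of scope here and is rejected rather than guessed at.
# Returns an array of [method, path, headers, body].
def split_pipelined_strict(raw)
  requests = []
  offset = 0
  while offset < raw.length
    meth, path, headers, body_start = parse_head_strict(raw, offset)
    raise MalformedRequest, "chunked bodies not handled" if headers.key?("transfer-encoding")
    length = begin
      Integer(headers.fetch("content-length", "0"), 10)
    rescue ArgumentError
      raise MalformedRequest, "bad Content-Length"
    end
    body = raw[body_start, length]
    raise MalformedRequest, "truncated body" if body.nil? || body.length < length
    requests << [meth, path, headers, body]
    offset = body_start + length
  end
  requests
end

# Constructed sample input: two well-formed pipelined requests.
CLEAN_PIPELINE = "GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n" \
                 "POST /b HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nxyz"

# Constructed sample input: a header value containing a bare LF.
BARE_LF_HEADER = "GET /a HTTP/1.1\r\nHost: example.test\r\nX-Note: first\nsecond\r\n\r\n"

# Convenience wrapper: :accepted, or [:rejected, reason].
def check(raw)
  split_pipelined_strict(raw)
  :accepted
rescue MalformedRequest => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  p split_pipelined_strict(CLEAN_PIPELINE).map { |m, path, _, body| [m, path, body] }
  p check(BARE_LF_HEADER)
end
```

The point of rejecting rather than normalising is that the server's answer to "how many requests are in this buffer" no longer depends on any upstream parser's choice of line terminator; the same check belongs in any proxy that forwards header values verbatim.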

Vulnerable Products

puma / puma
debian / debian linux 10.0
debian / debian linux 11.0

Vendor Advisories

Synopsis: Moderate: Satellite 6.11 Release. Type/Severity: Security Advisory: Moderate. Red Hat Insights patch analysis: identify and remediate systems affected by this advisory (view affected systems). Topic: An update is now available for Red Hat Satellite 6.11. Description: Red Hat Satellite is a systems management tool for Linux-based in ...
Multiple security vulnerabilities were discovered in Puma, an HTTP server for Ruby/Rack applications, which could result in HTTP request smuggling or information disclosure. For the stable distribution (bullseye), this problem has been fixed in version 4.3.8-1+deb11u2. We recommend that you upgrade your puma packages. For the detailed security statu ...
Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy ...
Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which has this behavior ...
A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connection ...