HTTP Response Splitting Vulnerability in Ruby Affected WEBrick Server
CVE-2017-17742

5.3MEDIUM

Key Information:

Vendor: Ruby-lang
Status: Ruby
Vendor: CVE Published:; 3 April 2018

What is CVE-2017-17742?

The vulnerability allows an attacker to exploit HTTP Response Splitting through crafted key-value pairs in the HTTP response of the WEBrick server. This could potentially lead to other security risks such as cache poisoning or cross-site scripting (XSS), exposing users to malicious content. It is essential for users of Ruby, particularly in versions prior to the specified patches, to review their server configurations and update to secure versions to prevent exploitation.

References

https://usn.ubuntu.com/3685-1/

vendor-advisory

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-r...

http://www.securityfocus.com/bid/103684

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2018
Vulnerability Reserved
Dec 18, 2017

Ruby-lang

What is CVE-2017-17742?

References

CVSS V3.1

Timeline