HTTP Smuggling via Transfer-Encoding Header in Puma
CVE-2020-11076

7.5HIGH

Key Information:

Vendor

Puma

Status
Puma
Vendor
CVE Published:
22 May 2020

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-11076?

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Affected Version(s)

puma < 3.12.5 < 3.12.5

puma >= 4.0.0, < 4.3.4 < 4.0.0, 4.3.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cougar
Created by dentarg

References

https://github.com/puma/puma/security/advisories/GHSA-x7j...
x_refsource_CONFIRM
https://github.com/puma/puma/blob/master/History.md#43443...
x_refsource_MISC
https://github.com/puma/puma/commit/f24d5521295a2152c286a...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

.