Inconsistent Interpretation of HTTP Requests in puma
CVE-2023-40175

7.3HIGH

Key Information:

Vendor: Puma
Status: Puma
Vendor: CVE Published:; 18 August 2023

What is CVE-2023-40175?

Puma, a parallel web server built on Ruby/Rack, has demonstrated an issue in processing HTTP requests that could lead to request smuggling. The vulnerability arises from improper handling of chunked transfer encoding bodies and zero-length Content-Length headers. Specifically, the server's failure to accurately parse trailing fields in chunked encoding or blank headers poses risks depending on how the website implements Puma. It is vital for users running versions older than 6.3.1 and 5.6.7 to upgrade promptly, as there are currently no known workarounds for mitigating this vulnerability.

Affected Version(s)

puma < 5.6.7 < 5.6.7

puma >= 6.0.0, < 6.3.1 < 6.0.0, 6.3.1

References

https://github.com/puma/puma/security/advisories/GHSA-68x...

x_refsource_CONFIRM

https://github.com/puma/puma/commit/690155e7d644b80eeef0a...

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2023
Vulnerability Reserved
Aug 9, 2023