CVE-2020-5247 describes an HTTP Response Splitting vulnerability in Puma, a Ruby web server. If an application lets untrusted input reach a response header, an attacker can use newline characters to end that header and inject content into the response. Puma versions prior to 3.12.4, and 4.x versions prior to 4.3.3, are affected; the fix is to upgrade to 3.12.4 or 4.3.3 (or later).
The core of the vulnerability is Puma's handling of newline characters in HTTP response headers. An attacker who controls data that an application copies into a response header (a redirect target, a filename in Content-Disposition, a custom header) can include carriage-return and line-feed characters (`\r`, `\n`). Because a header line ends at CRLF, these characters terminate the header early, and whatever follows is emitted as further header lines or, after an empty line, as an entirely new response body. Response splitting is not an attack in itself but a vector for others, most notably cross-site scripting (XSS); successful exploitation can lead to session hijacking, defacement, or redirection to attacker-controlled sites. This is the same class of bug as CVE-2019-16254, which was fixed in the WEBrick Ruby web server, and the two advisories highlight a common pattern in web server implementations.
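The mechanism above, as an added example (this is illustration code written for this page, not Puma's own implementation): a tiny Rack-style endpoint that copies an untrusted `next` parameter into a `Location` header, a naive header serializer that lets CR/LF split the response, and a hardened serializer that refuses any header value containing CR or LF, which is the property the Puma 3.12.4 / 4.3.3 fix enforces. The endpoint, the parameter name and the attacker query string are all constructed for the example.

```ruby
require "uri"

CRLF = "\r\n".freeze

# Minimal Rack-style endpoint: redirects to whatever the "next" query parameter
# says. Endpoint and parameter name are constructed for this example; the shape
# (untrusted input copied into a response header) is what matters.
def redirect_app(env)
  params = URI.decode_www_form(env["QUERY_STRING"].to_s).to_h
  [302, { "Location" => params.fetch("next", "/") }, []]
end

# Naive serializer: joins header values with CRLF and trusts their content.
# A CR/LF inside a value terminates the header early, so the remainder of the
# value is emitted as further header lines (or, after a blank line, as a body).
def serialize_headers_unsafe(status, headers)
  lines = ["HTTP/1.1 #{status}"]
  headers.each { |name, value| lines << "#{name}: #{value}" }
  lines.join(CRLF) + CRLF + CRLF
end

class HeaderInjectionError < StandardError; end

# Hardened serializer: refuses any value containing CR or LF. This mirrors the
# property the Puma fix enforces but is a stand-alone illustration, not Puma's
# code.
def serialize_headers_safe(status, headers)
  lines = ["HTTP/1.1 #{status}"]
  headers.each do |name, value|
    if value.to_s.match?(/[\r\n]/)
      raise HeaderInjectionError, "CR/LF in response header #{name}"
    end
    lines << "#{name}: #{value}"
  end
  lines.join(CRLF) + CRLF + CRLF
end

# Application-level defence that does not depend on the server: only accept
# a plain same-site path as a redirect target, otherwise fall back to "/".
def safe_redirect_target(candidate)
  candidate.to_s.match?(%r{\A/(?![/\\])[^\r\n]*\z}) ? candidate : "/"
end

# Parse a raw response back into [header names, body] to show what a client
# would see.
def split_response(raw)
  head, body = raw.split(CRLF + CRLF, 2)
  names = head.split(CRLF).drop(1).map { |line| line.split(":", 2).first }
  [names, body]
end

# Constructed attacker input: a redirect target that smuggles a Set-Cookie
# header and, after a blank line, a script body.
ATTACK_QUERY = "next=%2Fhome%0D%0ASet-Cookie%3A%20session%3Dattacker" \
               "%0D%0A%0D%0A%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if $PROGRAM_NAME == __FILE__
  status, headers, _body = redirect_app("QUERY_STRING" => ATTACK_QUERY)
  names, body = split_response(serialize_headers_unsafe(status, headers))
  puts "unsafe: headers=#{names.inspect} body=#{body.inspect}"
  begin
    serialize_headers_safe(status, headers)
  rescue HeaderInjectionError => e
    puts "safe: rejected (#{e.message})"
  end
end
```

With the naive serializer the client sees a second header, `Set-Cookie`, and a body of the attacker's choosing; the hardened serializer raises before any byte of the header block is written. The `safe_redirect_target` check is the application-side complement: even on a fixed server, an open redirect that accepts `//evil.example` is still a bug.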
CVE-2020-5247 was publicly disclosed on February 28, 2020. There is no indication of active exploitation campaigns targeting this vulnerability, and no KEV listing exists as of the current date. The EPSS score shown on this page is 2.09% (84th percentile): modest in absolute terms, but not negligible. Practical exposure is limited by the precondition (the application must copy attacker-controlled input into a response header) and by the straightforward mitigation (upgrade).
Any Ruby application served by an affected Puma version is exposed, but exploitation requires that the application place attacker-controlled data in a response header (a redirect target, a filename in Content-Disposition, a custom header). Applications deployed in shared hosting environments, where the Puma version is not controlled by the application developer, may be running an affected release without the developer's knowledge. Legacy applications pinned to older Puma versions are particularly at risk.
• ruby / puma:
puma --version # prints "puma version x.y.z"; below 3.12.4, or a 4.x release below 4.3.3, is affected (run as `bundle exec puma --version` in the application directory to see the version Bundler resolved)
• generic web:
curl -sI '<target_url>?<reflected_param>=%0D%0AX-Injected%3A%201' | grep -i 'X-Injected' # a match means CR/LF in reflected input reaches the response headers; no match after upgrading confirms the header is rejected
Disclosure: February 28, 2020
Exploitation status: no active exploitation reported
EPSS: 2.09% (84th percentile)
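The version check above can be automated against the application's own lock file. The following is an added example (not from the page or the Puma project): it reads a `Gemfile.lock`, extracts the resolved `puma` version and classifies it against the fixed releases named in the advisory, 3.12.4 for the 3.x line and 4.3.3 for the 4.x line. The sample lock file is constructed; function names are this example's own.

```ruby
require "rubygems"

# Fixed releases named in the Puma advisory for CVE-2020-5247.
PUMA_FIXED_3X = Gem::Version.new("3.12.4")
PUMA_FIXED_4X = Gem::Version.new("4.3.3")

# Returns the puma version string pinned under "specs:" in a Gemfile.lock, or
# nil when puma is not in the lock. Resolved gems sit at exactly four spaces of
# indentation as "name (version)"; a platform suffix such as "-java" is dropped
# so that Gem::Version does not read it as a prerelease tag.
def puma_version_from_lock(lock_text)
  lock_text.each_line do |line|
    m = line.match(/\A {4}puma \((\d[^)\s-]*)/)
    return m[1] if m
  end
  nil
end

# Classifies the pinned version as :vulnerable, :fixed or :not_found.
# 3.x needs >= 3.12.4, 4.x needs >= 4.3.3, 5.0 and later shipped after the fix,
# and anything older than the 3.x line is treated as vulnerable.
def cve_2020_5247_status(lock_text)
  pinned = puma_version_from_lock(lock_text)
  return :not_found unless pinned
  version = Gem::Version.new(pinned)
  major = version.segments.first
  fixed =
    if major >= 5 then true
    elsif major == 4 then version >= PUMA_FIXED_4X
    else version >= PUMA_FIXED_3X
    end
  fixed ? :fixed : :vulnerable
end

# Constructed sample lock file (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nio4r (2.5.2)
      puma (3.12.2)
        nio4r (~> 2.0)
      rack (2.2.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    puma (~> 3.12)
    rack
LOCK

if $PROGRAM_NAME == __FILE__
  # Usage: ruby check_puma.rb [path/to/Gemfile.lock]; defaults to the sample.
  text = ARGV.empty? ? SAMPLE_LOCK : File.read(ARGV.first)
  puts "puma #{puma_version_from_lock(text).inspect}: #{cve_2020_5247_status(text)}"
end
```

Reading the lock file rather than running `puma --version` matters in containerised or shared deployments, where the Puma binary on `PATH` is not necessarily the one Bundler loads for the application.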
The primary mitigation for CVE-2020-5247 is to upgrade Puma to 3.12.4 or later (3.x line) or 4.3.3 or later (4.x line); these releases reject header values that contain CR or LF. If an immediate upgrade is not feasible because of compatibility issues, two compensating controls help, each with a caveat. A WAF inspects requests, not responses, so the rule must block CR and LF, both raw and percent-encoded (`%0D`, `%0A`), in any request parameter the application reflects into a response header; it cannot filter the response itself. Independently, treat every value that reaches a response header as untrusted: reject or strip CR/LF before use and, for redirects, accept only same-site paths. Review the application for places where request data flows into headers such as `Location`, `Set-Cookie`, `Content-Disposition` or custom headers. After upgrading, confirm the fix by sending a request whose reflected parameter contains CR/LF (for example `%0D%0AX-Injected%3A%201`) and checking that the response carries no injected header or body.
Update the Puma gem to version 4.3.3 or later, or to version 3.12.4 or later. This fixes the HTTP response splitting vulnerability by checking headers for line endings and rejecting headers that contain those characters. Run `gem update puma` to update (for a Bundler-managed application, update the pinned version with `bundle update puma` so that `Gemfile.lock` changes as well).
CVE-2020-5247 is an HTTP response splitting vulnerability in Puma: if an application places untrusted input in a response header, an attacker can use CR/LF characters to end that header and inject additional headers or a new body, which can enable attacks such as XSS.
You are affected if you run Puma prior to 3.12.4, or a 4.x release prior to 4.3.3. Upgrade to 3.12.4 or 4.3.3 (or later) to resolve the issue.
Upgrade Puma to 3.12.4 or 4.3.3 or later. As a temporary workaround, add a WAF rule that blocks raw or percent-encoded CR/LF in request parameters the application reflects into response headers, and sanitize such values in the application itself.
There is currently no evidence of active exploitation campaigns targeting CVE-2020-5247.
Refer to the Puma security advisory for detailed information: https://github.com/puma/puma/security/advisories/GHSA-994w-4j6h-499r