nvd-json-data-feeds/CVE-2021/CVE-2021-411xx/CVE-2021-41136.json

{
  "id": "CVE-2021-41136",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2021-10-12T16:15:07.630",
  "lastModified": "2022-10-12T13:30:51.080",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`."
    },
    {
      "lang": "es",
      "value": "Puma es un servidor HTTP versi\u00f3n 1.1 para aplicaciones Ruby/Rack. Antes de las versiones 5.5.1 y 4.3.9, usar \"puma\" con un proxy que reenv\u00ede valores del encabezado HTTP que contengan el car\u00e1cter LF pod\u00eda permitir el contrabando de peticiones HTTP. Un cliente pod\u00eda pasar una petici\u00f3n mediante un proxy, causando que el proxy enviara una respuesta a otro cliente desconocido. El \u00fanico proxy que presenta este comportamiento, hasta donde el equipo de Puma sabe, es Apache Traffic Server. Si el proxy usa conexiones persistentes y el cliente a\u00f1ade otra petici\u00f3n por medio de HTTP pipelining, el proxy puede confundirla con el cuerpo de la primera petici\u00f3n. Puma, sin embargo, lo ver\u00eda como dos peticiones, y cuando procese la segunda petici\u00f3n, devolver\u00e1 una respuesta que el proxy no espera. Si el proxy ha reusado la conexi\u00f3n persistente con Puma para enviar otra petici\u00f3n para un cliente diferente, la segunda respuesta del primer cliente ser\u00e1 enviada al segundo cliente. Esta vulnerabilidad fue parcheada en Puma versiones 5.5.1 y 4.3.9. Como soluci\u00f3n, no use Apache Traffic Server con \"puma\""
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5
      },
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "HIGH",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.6
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
              "versionEndIncluding": "4.3.8",
              "matchCriteriaId": "8B1C2F6F-4978-4F25-B62B-B103AEA0B64A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
              "versionStartIncluding": "5.0.0",
              "versionEndIncluding": "5.5.0",
              "matchCriteriaId": "920A054F-A248-42DA-8873-B8ECFA453A50"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html",
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://security.gentoo.org/glsa/202208-28",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.debian.org/security/2022/dsa-5146",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}