CVE-2021-29509 – Keepalive Connections Causing Denial Of Service in puma
https://notcve.org/view.php?id=CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections.
References: https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837 https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 https://github.com/puma/puma/security/policy https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html https://rubygems.org/gems/puma https://security.gentoo.org/glsa/202208-28 https://access.redhat.com/security/cve/CVE-2021-29509 https://bugzilla.redhat.com/show_bug.cgi?id=1964874
CWE: CWE-400: Uncontrolled Resource Consumption; CWE-667: Improper Locking
CVE-2020-5249 – HTTP Response Splitting (Early Hints) in Puma
https://notcve.org/view.php?id=CVE-2020-5249
In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.
References: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje
CWE: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2020-5247 – HTTP Response Splitting in Puma
https://notcve.org/view.php?id=CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF`, or `\r`, `\n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server.
References: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD https://owasp.org/www-communi
CWE: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2006-4713 – PUMA 1.0 RC 2 - 'config.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4713
PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
References: https://www.exploit-db.com/exploits/2340 http://securityreason.com/securityalert/1557 http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_%28config.php%29_R%20FI.htm http://www.securityfocus.com/archive/1/445723/100/0/threaded http://www.securityfocus.com/bid/19940 http://www.vupen.com/english/advisories/2006/3545 https://exchange.xforce.ibmcloud.com/vulnerabilities/28837