CVE-2017-17742
ruby: HTTP response splitting in WEBrick
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versiĆ³n 2.6.0-preview1, permite un ataque de separaciĆ³n de respuesta HTTP. Un atacante puede inyectar una clave y un valor manipulados en una respuesta HTTP para el servidor HTTP de WEBrick.
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client.
Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-18 CVE Reserved
- 2018-03-30 CVE Published
- 2024-08-05 CVE Updated
- 2025-07-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103684 | Third Party Advisory | |
| http://www.securitytracker.com/id/1042004 | Vdb Entry | |
| https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html | Mailing List |
|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.2.0 < 2.2.10 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.2.0 < 2.2.10" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.3.0 < 2.3.7 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.3.0 < 2.3.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.4.0 < 2.4.4 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4.0 < 2.4.4" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.5.0 < 2.5.1 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.5.0 < 2.5.1" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.6.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.6.0" | preview1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||