CVE-2019-16254
ruby: HTTP response splitting in WEBrick
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite HTTP Response Splitting. Si un programa que utiliza WEBrick inserta información no segura en el encabezado de respuesta, un atacante puede explotarlo para insertar un carácter newline para dividir un encabezado e inyectar contenido malicioso para engañar a los clientes. NOTA: este problema se presenta debido a una solución incompleta de CVE-2017-17742, que abordó el vector CRLF, pero no abordó un CR aislado o un LF aislado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-09-11 CVE Reserved
- 2019-11-26 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| https://hackerone.com/reports/331984 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Dec/31 | Mailing List |
|
| https://seclists.org/bugtraq/2019/Dec/32 | Mailing List |
|
| https://www.oracle.com/security-alerts/cpujan2020.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | <= 2.3.0 Search vendor "Ruby-lang" for product "Ruby" and version " <= 2.3.0" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.4.0 <= 2.4.7 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4.0 <= 2.4.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.5.0 <= 2.5.6 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.5.0 <= 2.5.6" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.6.0 <= 2.6.4 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.6.0 <= 2.6.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||