CVE-2023-40175

Inconsistent Interpretation of HTTP Requests in puma

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Puma es un servidor web Ruby/Rack construido para paralelismo. Antes de las versiones 6.3.1 y 5.6.7, Puma mostraba un comportamiento incorrecto al analizar cuerpos de codificación de transferencia en trozos y cabeceras Content-Length de longitud cero de forma que permitía el contrabando de peticiones HTTP. La gravedad de este problema depende en gran medida de la naturaleza del sitio web que utiliza Puma. Esto podría ser causado por un análisis incorrecto de los campos finales en los cuerpos de codificación de transferencia en trozos o por el análisis de cabeceras Content-Length en blanco/longitud cero. Ambos problemas han sido solucionados y esta vulnerabilidad ha sido corregida en las versiones 6.3.1 y 5.6.7.Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.

An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-08-09 CVE Reserved
2023-08-18 CVE Published
2024-09-19 EPSS Updated
2024-10-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a	2023-08-24

URL	Date	SRC
https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8	2023-08-24
https://access.redhat.com/security/cve/CVE-2023-40175	2024-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=2232729	2024-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Puma Search vendor "Puma"		Puma Search vendor "Puma" for product "Puma"				< 5.6.7 Search vendor "Puma" for product "Puma" and version " < 5.6.7"		ruby		Affected
Puma Search vendor "Puma"		Puma Search vendor "Puma" for product "Puma"				>= 6.0.0 < 6.3.1 Search vendor "Puma" for product "Puma" and version " >= 6.0.0 < 6.3.1"		ruby		Affected