critical
9.8
CWE
444
Advisory Published
CVE Published
Advisory Published
Updated

CVE-2023-40175: Inconsistent Interpretation of HTTP Requests in puma

First published: Fri Aug 18 2023(Updated: )

### Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: * Incorrect parsing of trailing fields in chunked transfer encoding bodies * Parsing of blank/zero-length Content-Length headers ### Patches The vulnerability has been fixed in 6.3.1 and 5.6.7. ### Workarounds No known workarounds. ### References [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) ### For more information If you have any questions or comments about this advisory: Open an issue in [Puma](https://github.com/puma/puma) See our [security policy](https://github.com/puma/puma/security/policy)

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Puma Puma<5.6.7
Puma Puma>=6.0.0<6.3.1
rubygems/puma<5.6.7
5.6.7
rubygems/puma>=6.0.0<6.3.1
6.3.1
redhat/puma<6.3.1
6.3.1
redhat/puma<5.6.7
5.6.7
ubuntu/puma<5.6.7
5.6.7
ubuntu/puma<5.6.5-3ubuntu1.1
5.6.5-3ubuntu1.1
ubuntu/puma<5.6.5-4ubuntu2
5.6.5-4ubuntu2
ubuntu/puma<3.12.4-1ubuntu2+
3.12.4-1ubuntu2+
ubuntu/puma<5.5.2-2ubuntu2+
5.5.2-2ubuntu2+
debian/puma<=3.12.0-2+deb10u2<=3.12.0-2+deb10u3<=4.3.8-1<=4.3.8-1+deb11u2<=5.6.5-3
6.4.2-4

Remedy

https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a

Remedy

https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1

Remedy

https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-40175?

    CVE-2023-40175 is a vulnerability in Puma, a Ruby/Rack web server, that allows HTTP request smuggling.

  • How severe is CVE-2023-40175?

    CVE-2023-40175 has a severity rating of 9.8, which is considered critical.

  • What is the impact of CVE-2023-40175?

    CVE-2023-40175 allows an attacker to perform HTTP request smuggling due to incorrect parsing of chunked transfer encoding bodies and zero-length Content-Length headers.

  • How do I fix CVE-2023-40175?

    To fix CVE-2023-40175, update Puma to version 6.3.1 or 5.6.7.

  • Where can I find more information about CVE-2023-40175?

    More information about CVE-2023-40175 can be found in the following references: - [GitHub Advisory](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8) - [GitHub Commit 1](https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a) - [GitHub Commit 2](https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203