First published: Thu Mar 07 2024(Updated: )
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11076) It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11077) Jean Boussier discovered that Puma might not always release resources properly after handling HTTP requests. A remote attacker could possibly use this issue to read sensitive information. (CVE-2022-23634) It was discovered that Puma incorrectly handled certain malformed headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-24790) Ben Kallus discovered that Puma incorrectly handled parsing certain headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-40175) Bartek Nowotarski discovered that Puma incorrectly handled parsing certain encoded content. A remote attacker could possibly use this to cause a denial of service. (CVE-2024-21647)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/puma | <5.5.2-2ubuntu2+esm1 | 5.5.2-2ubuntu2+esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/puma | <3.12.4-1ubuntu2+esm1 | 3.12.4-1ubuntu2+esm1 |
Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-6682-1 is considered high due to the potential for HTTP Request Smuggling attacks.
To fix USN-6682-1, upgrade the Puma package to version 5.5.2-2ubuntu2+esm1 for Ubuntu 22.04 or to version 3.12.4-1ubuntu2+esm1 for Ubuntu 20.04.
Puma versions prior to 5.5.2-2ubuntu2+esm1 for Ubuntu 22.04 and prior to 3.12.4-1ubuntu2+esm1 for Ubuntu 20.04 are affected by USN-6682-1.
USN-6682-1 specifically affects only Ubuntu 20.04 LTS and later versions that utilize the vulnerable version of Puma.
Not addressing USN-6682-1 could allow remote attackers to exploit the vulnerability for HTTP Request Smuggling, potentially compromising application security.