ID CVE-2017-17742
Summary Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-04-2023 - 23:15)
Impact:
Exploitability:
CWE CWE-113
CAPEC
  • HTTP Response Splitting
    This attack uses a maliciously-crafted HTTP request in order to cause a vulnerable web server to respond with an HTTP response stream that will be interpreted by the client as two separate responses instead of one. This is possible when user-controlled input is used unvalidated as part of the response headers. The target software, the client, will interpret the injected header as being a response to a second request, thereby causing the maliciously-crafted contents be displayed and possibly cached.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2018:3729
  • rhsa
    id RHSA-2018:3730
  • rhsa
    id RHSA-2018:3731
  • rhsa
    id RHSA-2019:2028
rpms
  • rh-ruby23-ruby-0:2.3.8-69.el6
  • rh-ruby23-ruby-0:2.3.8-69.el7
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el6
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el7
  • rh-ruby23-ruby-devel-0:2.3.8-69.el6
  • rh-ruby23-ruby-devel-0:2.3.8-69.el7
  • rh-ruby23-ruby-doc-0:2.3.8-69.el6
  • rh-ruby23-ruby-doc-0:2.3.8-69.el7
  • rh-ruby23-ruby-irb-0:2.3.8-69.el6
  • rh-ruby23-ruby-irb-0:2.3.8-69.el7
  • rh-ruby23-ruby-libs-0:2.3.8-69.el6
  • rh-ruby23-ruby-libs-0:2.3.8-69.el7
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el6
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el7
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el6
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el7
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el6
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el7
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el6
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el7
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el6
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el7
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el6
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el7
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el6
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el7
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el6
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el7
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el6
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el7
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el6
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el7
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el6
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el7
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el6
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el7
  • rh-ruby23-rubygems-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-0:2.5.2.3-69.el7
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el7
  • rh-ruby24-ruby-0:2.4.5-91.el6
  • rh-ruby24-ruby-0:2.4.5-91.el7
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el6
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el7
  • rh-ruby24-ruby-devel-0:2.4.5-91.el6
  • rh-ruby24-ruby-devel-0:2.4.5-91.el7
  • rh-ruby24-ruby-doc-0:2.4.5-91.el6
  • rh-ruby24-ruby-doc-0:2.4.5-91.el7
  • rh-ruby24-ruby-irb-0:2.4.5-91.el6
  • rh-ruby24-ruby-irb-0:2.4.5-91.el7
  • rh-ruby24-ruby-libs-0:2.4.5-91.el6
  • rh-ruby24-ruby-libs-0:2.4.5-91.el7
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el6
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el7
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el6
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el7
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el6
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el7
  • rh-ruby24-rubygem-json-0:2.0.4-91.el6
  • rh-ruby24-rubygem-json-0:2.0.4-91.el7
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el6
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el7
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el6
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el7
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el6
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el7
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el6
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el7
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el6
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el7
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el6
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el7
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el6
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el7
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el6
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el7
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el6
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el7
  • rh-ruby24-rubygems-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-0:2.6.14.3-91.el7
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el7
  • rh-ruby25-ruby-0:2.5.3-6.el7
  • rh-ruby25-ruby-debuginfo-0:2.5.3-6.el7
  • rh-ruby25-ruby-devel-0:2.5.3-6.el7
  • rh-ruby25-ruby-doc-0:2.5.3-6.el7
  • rh-ruby25-ruby-irb-0:2.5.3-6.el7
  • rh-ruby25-ruby-libs-0:2.5.3-6.el7
  • rh-ruby25-rubygem-bigdecimal-0:1.3.4-6.el7
  • rh-ruby25-rubygem-did_you_mean-0:1.2.0-6.el7
  • rh-ruby25-rubygem-io-console-0:0.4.6-6.el7
  • rh-ruby25-rubygem-json-0:2.1.0-6.el7
  • rh-ruby25-rubygem-minitest-0:5.10.3-6.el7
  • rh-ruby25-rubygem-net-telnet-0:0.1.1-6.el7
  • rh-ruby25-rubygem-openssl-0:2.1.2-6.el7
  • rh-ruby25-rubygem-power_assert-0:1.1.1-6.el7
  • rh-ruby25-rubygem-psych-0:3.0.2-6.el7
  • rh-ruby25-rubygem-rake-0:12.3.0-6.el7
  • rh-ruby25-rubygem-rdoc-0:6.0.1-6.el7
  • rh-ruby25-rubygem-test-unit-0:3.2.7-6.el7
  • rh-ruby25-rubygem-xmlrpc-0:0.3.0-6.el7
  • rh-ruby25-rubygems-0:2.7.6-6.el7
  • rh-ruby25-rubygems-devel-0:2.7.6-6.el7
  • ruby-0:2.0.0.648-36.el7
  • ruby-debuginfo-0:2.0.0.648-36.el7
  • ruby-devel-0:2.0.0.648-36.el7
  • ruby-doc-0:2.0.0.648-36.el7
  • ruby-irb-0:2.0.0.648-36.el7
  • ruby-libs-0:2.0.0.648-36.el7
  • ruby-tcltk-0:2.0.0.648-36.el7
  • rubygem-bigdecimal-0:1.2.0-36.el7
  • rubygem-io-console-0:0.4.2-36.el7
  • rubygem-json-0:1.7.7-36.el7
  • rubygem-minitest-0:4.3.2-36.el7
  • rubygem-psych-0:2.0.0-36.el7
  • rubygem-rake-0:0.9.6-36.el7
  • rubygem-rdoc-0:4.0.0-36.el7
  • rubygems-0:2.0.14.1-36.el7
  • rubygems-devel-0:2.0.14.1-36.el7
  • ruby-0:2.0.0.648-36.el7_5
  • ruby-debuginfo-0:2.0.0.648-36.el7_5
  • ruby-devel-0:2.0.0.648-36.el7_5
  • ruby-doc-0:2.0.0.648-36.el7_5
  • ruby-irb-0:2.0.0.648-36.el7_5
  • ruby-libs-0:2.0.0.648-36.el7_5
  • ruby-tcltk-0:2.0.0.648-36.el7_5
  • rubygem-bigdecimal-0:1.2.0-36.el7_5
  • rubygem-io-console-0:0.4.2-36.el7_5
  • rubygem-json-0:1.7.7-36.el7_5
  • rubygem-minitest-0:4.3.2-36.el7_5
  • rubygem-psych-0:2.0.0-36.el7_5
  • rubygem-rake-0:0.9.6-36.el7_5
  • rubygem-rdoc-0:4.0.0-36.el7_5
  • rubygems-0:2.0.14.1-36.el7_5
  • rubygems-devel-0:2.0.14.1-36.el7_5
  • ruby-0:2.0.0.648-36.el7_4
  • ruby-debuginfo-0:2.0.0.648-36.el7_4
  • ruby-devel-0:2.0.0.648-36.el7_4
  • ruby-doc-0:2.0.0.648-36.el7_4
  • ruby-irb-0:2.0.0.648-36.el7_4
  • ruby-libs-0:2.0.0.648-36.el7_4
  • ruby-tcltk-0:2.0.0.648-36.el7_4
  • rubygem-bigdecimal-0:1.2.0-36.el7_4
  • rubygem-io-console-0:0.4.2-36.el7_4
  • rubygem-json-0:1.7.7-36.el7_4
  • rubygem-minitest-0:4.3.2-36.el7_4
  • rubygem-psych-0:2.0.0-36.el7_4
  • rubygem-rake-0:0.9.6-36.el7_4
  • rubygem-rdoc-0:4.0.0-36.el7_4
  • rubygems-0:2.0.14.1-36.el7_4
  • rubygems-devel-0:2.0.14.1-36.el7_4
  • ruby-0:2.0.0.648-37.el7_6
  • ruby-debuginfo-0:2.0.0.648-37.el7_6
  • ruby-devel-0:2.0.0.648-37.el7_6
  • ruby-doc-0:2.0.0.648-37.el7_6
  • ruby-irb-0:2.0.0.648-37.el7_6
  • ruby-libs-0:2.0.0.648-37.el7_6
  • ruby-tcltk-0:2.0.0.648-37.el7_6
  • rubygem-bigdecimal-0:1.2.0-37.el7_6
  • rubygem-io-console-0:0.4.2-37.el7_6
  • rubygem-json-0:1.7.7-37.el7_6
  • rubygem-minitest-0:4.3.2-37.el7_6
  • rubygem-psych-0:2.0.0-37.el7_6
  • rubygem-rake-0:0.9.6-37.el7_6
  • rubygem-rdoc-0:4.0.0-37.el7_6
  • rubygems-0:2.0.14.1-37.el7_6
  • rubygems-devel-0:2.0.14.1-37.el7_6
refmap via4
bid 103684
confirm
debian DSA-4259
mlist
  • [debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update
  • [debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update
  • [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update
  • [debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update
  • [debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update
sectrack 1042004
suse openSUSE-SU-2019:1771
ubuntu USN-3685-1
Last major update 30-04-2023 - 23:15
Published 03-04-2018 - 22:29
Last modified 30-04-2023 - 23:15
Back to Top