Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-17742

Опубликовано: 03 апр. 2018
Источник: debian
EPSS Низкий

Описание

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jrubyfixed9.3.9.0+ds-1package
ruby2.5fixed2.5.1-1package
ruby2.3removedpackage
ruby2.1removedpackage
ruby1.9.1removedpackage
ruby1.8removedpackage

Примечания

  • https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/

  • https://github.com/jruby/jruby/releases/tag/9.2.12.0

  • https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16

EPSS

Процентиль: 77%
0.01067
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-17742

CVSS3: 5.3
ubuntu
почти 8 лет назад

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

redhat логотип

CVE-2017-17742

CVSS3: 4.7
redhat
почти 8 лет назад

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

nvd логотип

CVE-2017-17742

CVSS3: 5.3
nvd
почти 8 лет назад

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

github логотип

GHSA-7p4c-jf2w-hc3w

CVSS3: 5.3
github
больше 3 лет назад

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

fstec логотип

BDU:2019-04156

CVSS3: 5.3
fstec
почти 8 лет назад

Уязвимость библиотеки WEBrick интерпретатора языка программирования Ruby, позволяющая нарушителю внедрить произвольные HTTP-заголовки

EPSS

Процентиль: 77%
0.01067
Низкий