CVE-2019-16254

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

https://hackerone.com/reports/331984

https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html

https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html

https://seclists.org/bugtraq/2019/Dec/31

https://seclists.org/bugtraq/2019/Dec/32

https://security.gentoo.org/glsa/202003-06

https://www.debian.org/security/2019/dsa-4586

https://www.debian.org/security/2019/dsa-4587

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/

https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/

Details

Source: MITRE

Published: 2019-11-26

Updated: 2020-08-16

Type: CWE-74

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions up to 2.3.0 (inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.4.7 (inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.5.0 to 2.5.6 (inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* versions from 2.6.0 to 2.6.4 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
151449Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)NessusOracle Linux Local Security Checks
high
151284Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)NessusOracle Linux Local Security Checks
high
151147CentOS 8 : ruby:2.5 (CESA-2021:2587)NessusCentOS Local Security Checks
high
151146CentOS 8 : ruby:2.6 (CESA-2021:2588)NessusCentOS Local Security Checks
high
151143RHEL 8 : ruby:2.6 (RHSA-2021:2588)NessusRed Hat Local Security Checks
high
151141RHEL 8 : ruby:2.5 (RHSA-2021:2587)NessusRed Hat Local Security Checks
high
140906EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)NessusHuawei Local Security Checks
high
140096Amazon Linux AMI : ruby24 (ALAS-2020-1422)NessusAmazon Linux Local Security Checks
high
139628Debian DLA-2330-1 : jruby security updateNessusDebian Local Security Checks
high
137599SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)NessusSuSE Local Security Checks
high
136232EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1529)NessusHuawei Local Security Checks
high
135605EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2020-1443)NessusHuawei Local Security Checks
critical
135161openSUSE Security Update : ruby2.5 (openSUSE-2020-395)NessusSuSE Local Security Checks
medium
134824SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)NessusSuSE Local Security Checks
medium
134473GLSA-202003-06 : Ruby: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
133931EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1130)NessusHuawei Local Security Checks
medium
132805EulerOS Virtualization for ARM 64 3.0.5.0 : ruby (EulerOS-SA-2020-1051)NessusHuawei Local Security Checks
high
132624EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1031)NessusHuawei Local Security Checks
high
132109Debian DSA-4587-1 : ruby2.3 - security updateNessusDebian Local Security Checks
high
132108Debian DSA-4586-1 : ruby2.5 - security updateNessusDebian Local Security Checks
high
131960Debian DLA-2027-1 : jruby security updateNessusDebian Local Security Checks
high
131392Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Ruby vulnerabilities (USN-4201-1)NessusUbuntu Local Security Checks
high
131292Debian DLA-2007-1 : ruby2.1 security updateNessusDebian Local Security Checks
high
129549FreeBSD : ruby -- multiple vulnerabilities (f7fcb75c-e537-11e9-863e-b9b7af01ba9e)NessusFreeBSD Local Security Checks
high