CVE-2023-40175

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 18, 2023
Updated: Aug 24, 2023
CWE ID 444

Summary

CVE-2023-40175 affects the Puma web server in versions prior to 6.3.1 and 5.6.7. Puma incorrectly parsed trailing fields in chunked transfer encoding bodies and mishandled blank or zero-length Content-Length headers, which allowed HTTP request smuggling. This can pose a security risk, depending on the specifics of the web site in question. The vulnerability is fixed in versions 6.3.1 and 5.6.7, and users are advised to upgrade as soon as possible. No known workarounds are available for this issue.
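Because the fix shipped on two release lines, a single "older than 6.3.1" comparison misreports 5.6.7 as affected. The following is an added example, not code from Puma or from this advisory: a Gemfile.lock check that judges each resolved Puma version against the fix for its own line. The function names, the sample lockfile and the treatment of pre-5.x releases as affected are assumptions.

```ruby
require "rubygems" # Gem::Version (loaded by default; explicit for clarity)

# Fixed releases named in the advisory above, one per release line.
FIXED_6X = Gem::Version.new("6.3.1")
FIXED_5X = Gem::Version.new("5.6.7")

# True when a Puma version predates the fix for its release line.
# Assumption: anything below major version 6 is judged against 5.6.7.
def puma_affected?(version)
  v = Gem::Version.new(version)
  # segments.first keeps prereleases such as 6.0.0.pre1 on the 6.x line
  v.segments.first >= 6 ? v < FIXED_6X : v < FIXED_5X
end

# Pull resolved Puma versions out of Gemfile.lock text. Resolved specs are
# indented four spaces; six-space lines are other gems' requirements.
# A platform suffix ("-java") is dropped before comparison.
def locked_puma_versions(lockfile_text)
  lockfile_text.scan(/^ {4}puma \((\d[0-9A-Za-z.]*)(?:-[\w-]+)?\)$/).flatten
end

# One result hash per resolved Puma entry in the lockfile.
def audit_lockfile(lockfile_text)
  locked_puma_versions(lockfile_text).map do |ver|
    { version: ver, affected: puma_affected?(ver) }
  end
end

# Constructed sample lockfile (hypothetical gems), not from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nio4r (2.5.9)
      puma (6.3.0)
        nio4r (~> 2.0)
      examplegem (1.0.0)
        puma (>= 3.8.0)

  DEPENDENCIES
    puma
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |r|
    puts "puma #{r[:version]}: #{r[:affected] ? 'AFFECTED, upgrade' : 'fixed'}"
  end
end
```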
