Description
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Remediation
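An added example, not taken from the advisory or from the Ruby project's own patch: a check of a version string against the affected ranges listed in the description, and a header serializer that refuses CR or LF in a name or value, the characters response splitting depends on. The names `affected_ruby?`, `header_block` and `UnsafeHeader` are hypothetical.

```ruby
require "rubygems" # provides Gem::Version for version comparison

# First fixed release per branch, copied from the description above.
FIXED = { "2.3" => "2.3.7", "2.4" => "2.4.4", "2.5" => "2.5.1" }.freeze

# True when `version` (for example RUBY_VERSION) is in an affected range.
def affected_ruby?(version)
  return true if version == "2.6.0-preview1"
  v = Gem::Version.new(version)
  return true if v < Gem::Version.new("2.2.10") # "Ruby before 2.2.10"
  fixed = FIXED[v.segments.first(2).join(".")]  # look up the 2.3/2.4/2.5 branch
  !fixed.nil? && v < Gem::Version.new(fixed)
end

# Hypothetical error type for this example.
class UnsafeHeader < ArgumentError; end

# Serialize a header hash into an HTTP header block. Any name or value that
# contains CR or LF is rejected rather than written, so caller-supplied data
# cannot terminate a header line and start a new header or a second response.
def header_block(headers)
  lines = headers.map do |name, value|
    [name, value].each do |part|
      if part.to_s.match?(/[\r\n]/)
        raise UnsafeHeader, "CR/LF in header #{name.to_s.inspect}"
      end
    end
    "#{name}: #{value}\r\n"
  end
  lines.join + "\r\n"
end

if __FILE__ == $0
  puts "running Ruby #{RUBY_VERSION}, affected: #{affected_ruby?(RUBY_VERSION)}"
  # Constructed sample input: a clean value and one carrying a line break.
  samples = [{ "Location" => "/home" }, { "Location" => "/home\r\nX-Extra: 1" }]
  samples.each do |h|
    begin
      header_block(h)
      puts "accepted #{h.inspect}"
    rescue UnsafeHeader => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The guard belongs at every point where request-derived data is copied into a response header, including on fixed Ruby versions when headers are assembled outside WEBrick.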
References