FKIE_CVE-2020-7671

Vulnerability from fkie_nvd - Published: 2020-06-10 16:15 - Updated: 2024-11-21 05:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.
References
report@snyk.iohttps://github.com/postrank-labs/goliath/issues/351%2C
report@snyk.iohttps://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/postrank-labs/goliath/issues/351%2C
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136Third Party Advisory
Impacted products
Vendor Product Version
goliath_project goliath *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "079332CF-A488-425D-A4C7-3804B6EBE665",
              "versionEndIncluding": "1.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."
    },
    {
      "lang": "es",
      "value": "goliath versiones hasta 1.0.6, permite ataques de tr\u00e1fico no autorizado de peticiones en los que goliath se utiliza como backend y un proxy frontend tambi\u00e9n es vulnerable. Es posible llevar a cabo ataques de tr\u00e1fico no autorizado de peticiones HTTP mediante el env\u00edo del encabezado Content-Length dos veces. Adicionalmente, se encontr\u00f3 que los encabezados de Transfer Encoding no v\u00e1lidos se analizaron como v\u00e1lidos, lo que podr\u00eda ser aprovechado para los ataques de tr\u00e1fico no autorizado de TE:CL"
    }
  ],
  "id": "CVE-2020-7671",
  "lastModified": "2024-11-21T05:37:34.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-10T16:15:10.587",
  "references": [
    {
      "source": "report@snyk.io",
      "url": "https://github.com/postrank-labs/goliath/issues/351%2C"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/postrank-labs/goliath/issues/351%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.