Description

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

Remediation

References

CVE-2017-17742

Related Vulnerabilities

WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)

MySQL CVE-2017-3238 Vulnerability (CVE-2017-3238)

WordPress Plugin Easy Google Fonts Cross-Site Scripting (1.3.6)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

WordPress Plugin Gutenberg Blocks by WordPress Download Manager Cross-Site Scripting (2.1.8)

Severity

Medium

Classification

CVE-2017-17742 CWE-113 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities