Description

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

Remediation

References

CVE-2017-17742

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1500)

WordPress Plugin Redirection 'id' Parameter Cross-Site Scripting (2.2.8)

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

WordPress Plugin Widgets for WooCommerce Products on Elementor Cross-Site Scripting (1.0.7)

Oracle Database Server CVE-2014-2478 Vulnerability (CVE-2014-2478)

Severity

Medium

Classification

CVE-2017-17742 CWE-113 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities