CVE-2020-7671

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/postrank-labs/goliath/issues/351%2C
https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*

History

No history.

Information

Published : 2020-06-10 16:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-7671

Mitre link : CVE-2020-7671

CVE.ORG link : CVE-2020-7671

JSON object : View

Products Affected

goliath_project

goliath

CWE

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

{"id": "CVE-2020-7671", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-06-10T16:15:10.587", "references": [{"url": "https://github.com/postrank-labs/goliath/issues/351%2C", "source": "report@snyk.io"}, {"url": "https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks."}, {"lang": "es", "value": "goliath versiones hasta 1.0.6, permite ataques de tr\u00e1fico no autorizado de peticiones en los que goliath se utiliza como backend y un proxy frontend tambi\u00e9n es vulnerable. Es posible llevar a cabo ataques de tr\u00e1fico no autorizado de peticiones HTTP mediante el env\u00edo del encabezado Content-Length dos veces. Adicionalmente, se encontr\u00f3 que los encabezados de Transfer Encoding no v\u00e1lidos se analizaron como v\u00e1lidos, lo que podr\u00eda ser aprovechado para los ataques de tr\u00e1fico no autorizado de TE:CL"}], "lastModified": "2023-11-07T03:26:10.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:goliath_project:goliath:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "079332CF-A488-425D-A4C7-3804B6EBE665", "versionEndIncluding": "1.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}