CVERadar

CVE-2024-45614

High Severity
Puma
SVRS
53/100

CVSSv3
5.4/10

EPSS
0.00044/1

CVE-2024-45614 is a header manipulation vulnerability in the Puma Ruby web server. It allows a malicious client to overwrite values set by intermediate proxies, such as X-Forwarded-For, by sending the same header with underscores in place of hyphens (e.g., X-Forwarded_For), because both spellings are mapped to the same request variable. The flaw affects applications that rely on proxy-set variables for security or functionality, and can lead to security bypasses or misidentification of users. While the CVSS score is 5.4 (medium severity), the SOCRadar Vulnerability Risk Score (SVRS) is 53. Puma v6.4.3 and v5.6.9 fix the issue by discarding headers containing underscores when their standard counterparts are present, so that proxy-defined headers take precedence; upgrade to one of these versions to mitigate the risk. Nginx users can also mitigate by using the underscores_in_headers configuration directive.

In The Wild
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
2024-09-19

2024-09-26
SOCRadar
AI Insight

Description

CVE-2024-45614 is a vulnerability in Puma, a Ruby/Rack web server. It allows clients to clobber values set by intermediate proxies by providing an underscore version of the same header. This could allow attackers to bypass security measures that rely on proxy-set variables.

Key Insights

  • The SVRS for CVE-2024-45614 is 38, indicating a moderate risk.
  • This vulnerability is actively exploited in the wild.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Mitigation Strategies

  • Upgrade to Puma v6.4.3/v5.6.9 or later.
  • Use Nginx with the underscores_in_headers configuration variable set to discard headers with underscores.
  • Cease trusting proxy-defined headers for security until upgraded to the fixed versions.
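The description and the mitigation list above both turn on one detail: under the CGI/Rack naming convention a server upcases a header name and turns hyphens into underscores, so X-Forwarded-For and X-Forwarded_For both become HTTP_X_FORWARDED_FOR. The following Ruby is an added illustration, not Puma's own code; it models that collision and the fix as the advisory describes it (discard an underscore-spelled header when its hyphen-spelled counterpart is present). The ", " folding of repeated headers and the header list are constructed for the example.

```ruby
# Added example; this is not Puma's code. It models the Rack/CGI naming rule
# that makes "X-Forwarded_For" and "X-Forwarded-For" collide and shows the fix
# the advisory describes: drop an underscore-spelled header when its hyphen-
# spelled counterpart is also present, so the proxy-set value is preserved.

# Rack/CGI env key for a header: upcase, '-' becomes '_', prefixed with HTTP_.
# Because '-' and '_' both end up as '_', two differently spelled names share
# one env key; that collision is what the CVE is about.
def rack_env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Store a header value the way repeated headers are commonly folded (assumed
# here for the example): later values are appended with ", ".
def store(env, key, value)
  env[key] = env.key?(key) ? "#{env[key]}, #{value}" : value
end

# Pre-fix behaviour: every header is stored under its env key, so a client's
# "X-Forwarded_For" lands in HTTP_X_FORWARDED_FOR next to the proxy's value.
def build_env_naive(headers)
  env = {}
  headers.each { |name, value| store(env, rack_env_key(name), value) }
  env
end

# Fixed behaviour: a header whose name contains '_' is discarded if the same
# request also carries that name spelled with '-' (compared case-insensitively).
# An underscore header with no hyphen counterpart is still kept.
def build_env_fixed(headers)
  hyphen_names = headers.map { |name, _| name.downcase }
                        .reject { |name| name.include?("_") }
  env = {}
  headers.each do |name, value|
    if name.include?("_") && hyphen_names.include?(name.downcase.tr("_", "-"))
      next  # standard counterpart present: the proxy-set header wins
    end
    store(env, rack_env_key(name), value)
  end
  env
end

# Constructed request headers: the reverse proxy set X-Forwarded-For, and the
# same request also carries an underscore-spelled X-Forwarded_For.
CONSTRUCTED_HEADERS = [
  ["Host", "app.example"],
  ["X-Forwarded-For", "203.0.113.7"],  # set by the proxy (hyphen spelling)
  ["X-Forwarded_For", "10.0.0.1"],     # underscore spelling, not from the proxy
].freeze

if __FILE__ == $0
  naive = build_env_naive(CONSTRUCTED_HEADERS)["HTTP_X_FORWARDED_FOR"]
  fixed = build_env_fixed(CONSTRUCTED_HEADERS)["HTTP_X_FORWARDED_FOR"]
  puts "pre-fix : HTTP_X_FORWARDED_FOR = #{naive}"   # 203.0.113.7, 10.0.0.1
  puts "fixed   : HTTP_X_FORWARDED_FOR = #{fixed}"   # 203.0.113.7
end
```

Run it with `ruby` to see the two env values side by side: before the fix the proxy-set value is polluted with the underscore header's content, after it only the proxy's value survives. The check is deliberately conditional, as the advisory states: a header containing an underscore that has no standard counterpart in the request is still passed through.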

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-45614 | Puma up to 5.6.8/6.4.2 Header X-Forwarded_For authorization (GHSA-9hf4-67fc-4vf4 / Nessus ID 207712)
vuldb.com, 2024-09-30
CVE-2024-45614 | Puma up to 5.6.8/6.4.2 Header X-Forwarded_For authorization (GHSA-9hf4-67fc-4vf4 / Nessus ID 207712) | A vulnerability has been found in Puma up to 5.6.8/6.4.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded_For leads to authorization bypass. This vulnerability is known as
USN-7031-2: Puma vulnerability
2024-09-24
USN-7031-2: Puma vulnerability | USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.
ubuntu.com

Social Media

CVE-2024-45614 Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by provi… https://t.co/aZLelmwpgV

Affected Software

Configuration 1
Type: App | Vendor: Puma | Product: puma

References

https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
https://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers

CWE Details

CWE-639: Authorization Bypass Through User-Controlled Key. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'). When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to smuggle a request to one device without the other device being aware of it.
