{"affected_release": [{"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.9.11-25", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.9.11-11", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-340", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/fluentd-rhel9:v5.9.11-5", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-321", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-loki-rhel9:v3.3.2-8", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.9.11-6", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-operator-bundle:v5.9.11-9", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-rhel9-operator:v5.9.11-4", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": 
"cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-724", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-341", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/vector-rhel9:v0.34.1-30", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}], "bugzilla": {"description": "WEBrick: HTTP request smuggling", "id": "2314051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314051"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-444", "details": ["An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., \"GET /admin HTTP/1.1\\r\\n\" inside of a \"POST /user HTTP/1.1\\r\\n\" request. NOTE: the supplier's position is \"Webrick should not be used in production.\"", "A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result, unauthorized users can access restricted areas like /admin by POST /user."], "mitigation": {"lang": "en:us", "value": "As a temporary workaround, avoid using WEBrick in production environments. 
If you must use it, place the application behind a reverse proxy that validates and filters incoming requests (for example, rejecting requests that carry both a Content-Length and a Transfer-Encoding header) to mitigate the risk of HTTP request smuggling."}, "name": "CVE-2024-47220", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-zync-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "rubygem-webrick", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite-capsule:el8/rubygem-webrick", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite:el8/rubygem-webrick", "product_name": "Red Hat Satellite 6"}], "public_date": "2024-09-22T01:15:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47220\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47220\nhttps://github.com/ruby/webrick/issues/145\nhttps://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841"], "statement": "This CVE is rated as having Moderate impact because Webrick should not be used in production. 
It is only still maintained because there are other gems relying on it, most of which do so only for testing, and only because it is a pure ruby implementation and it was shipped with Ruby in the past.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.", "threat_severity": "Moderate"}