Vulnerability CVE-2020-25613

Vulnerability Name:

CVE-2020-25613 (CCN-189414)

Assigned:

2020-09-29

Published:

2020-09-29

Updated:

2023-04-30

Summary:

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-25613

Source: XF
Type: UNKNOWN
ruby-cve202025613-request-smuggling(189414)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Permissions Required, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6498497 (Cloud Foundry Migration Runtime)
Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Source: CCN
Type: Ruby Web site
CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ruby-lang:ruby:2.5.8:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:2.6.6:*:*:*:*:*:*:*

OR cpe:/a:airbrake:airbrake_ruby:2.7.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7660	P	libruby2_5-2_5-2.5.9-150000.4.26.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51988	P	Security update for python-py (Moderate)	2023-01-26
oval:org.opensuse.security:def:3582	P	libcdio14-0.90-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3070	P	freeradius-server-3.0.19-1.48 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94694	P	libproxy-devel-0.4.17-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94700	P	libruby2_5-2_5-2.5.9-150000.4.23.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:193	P	libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:102244	P	Security update for apache2-mod_auth_openidc (Moderate) (in QA)	2022-04-14
oval:org.opensuse.security:def:99221	P	(Important)	2022-03-07
oval:org.opensuse.security:def:112814	P	libruby2_7-2_7-2.7.3-3.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:34599	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:30275	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:59827	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:89482	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:55978	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:85777	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:126800	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33051	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:58052	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:88224	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:51703	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:83482	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:5160	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31313	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:60422	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:56098	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:86175	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:127197	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33746	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:29453	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:58874	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:88541	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:84243	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31711	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:23715	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:57136	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:86693	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:82660	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:34004	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:30155	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:59569	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:89224	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:55276	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:84701	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:125633	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:24000	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:57534	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:87515	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:83362	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:99419	P	(Moderate)	2021-10-06
oval:org.opensuse.security:def:106283	P	libruby2_7-2_7-2.7.3-3.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1122	P	Security update for jetty-minimal (Moderate)	2021-08-25
oval:org.opensuse.security:def:101407	P	sysstat-isag-12.0.2-3.27.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100969	P	libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71952	P	libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62211	P	libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)	2021-08-09
oval:com.redhat.rhsa:def:20212584	P	RHSA-2021:2584: ruby:2.7 security, bug fix, and enhancement update (Moderate)	2021-06-29
oval:com.redhat.rhsa:def:20212587	P	RHSA-2021:2587: ruby:2.5 security, bug fix, and enhancement update (Moderate)	2021-06-29
oval:com.redhat.rhsa:def:20212588	P	RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate)	2021-06-29
oval:org.opensuse.security:def:111288	P	Security update for ruby2.5 (Important)	2021-03-25
oval:org.opensuse.security:def:70008	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:108073	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:10419	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:94011	P	(Important)	2021-03-24
oval:org.opensuse.security:def:8722	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:92271	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:67072	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:99618	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9669	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93026	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93443	P	(Important)	2021-03-24
oval:org.opensuse.security:def:70366	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:99026	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:108910	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:95531	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:94222	P	(Important)	2021-03-24
oval:org.opensuse.security:def:8915	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:92469	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:69612	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:99817	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:117587	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9868	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93179	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93599	P	(Important)	2021-03-24
oval:org.opensuse.security:def:70559	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:100384	P	(Important)	2021-03-24
oval:org.opensuse.security:def:73793	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:94433	P	(Important)	2021-03-24
oval:org.opensuse.security:def:9110	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:92668	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:69809	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:100129	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:10226	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93332	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:93796	P	(Important)	2021-03-24
oval:org.opensuse.security:def:5983	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:92076	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:100717	P	(Important)	2021-03-24
oval:org.opensuse.security:def:64671	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:97332	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:76140	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9472	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:92867	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:42160	P	Security update for ruby2.5 (Important)	2021-03-24

BACK