CVE-2020-5207 - OpenCVE

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jetbrains	Ktor

Configuration 1 [-]

cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/ktorio/ktor/pull/1547	Patch Third Party Advisory
https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-01-27T19:30:15

Updated: 2020-01-27T19:30:15

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5207

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T20:15:10.980

Modified: 2020-02-04T14:41:15.757

Link: CVE-2020-5207

JSON object: View

Redhat Information

No data.

CWE

CWE-444

{"containers": {"cna": {"affected": [{"product": "Ktor", "vendor": "Ktor.io", "versions": [{"status": "affected", "version": "< 1.3.0"}]}], "descriptions": [{"lang": "en", "value": "In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \\n as a headers separator."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T19:30:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ktorio/ktor/pull/1547"}], "source": {"advisory": "GHSA-xrr9-rh8p-433v", "discovery": "UNKNOWN"}, "title": "Request smuggling is possible in Ktor when both chunked TE and content length specified", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5207", "STATE": "PUBLIC", "TITLE": "Request smuggling is possible in Ktor when both chunked TE and content length specified"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ktor", "version": {"version_data": [{"version_value": "< 1.3.0"}]}}]}, "vendor_name": "Ktor.io"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \\n as a headers separator."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v", "refsource": "CONFIRM", "url": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v"}, {"name": "https://github.com/ktorio/ktor/pull/1547", "refsource": "MISC", "url": "https://github.com/ktorio/ktor/pull/1547"}]}, "source": {"advisory": "GHSA-xrr9-rh8p-433v", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5207", "datePublished": "2020-01-27T19:30:15", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2020-01-27T19:30:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D376B10-652C-4859-9DD4-98421D5D3D65", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \\n as a headers separator."}, {"lang": "es", "value": "En Ktor versiones anteriores a 1.3.0, el tr\u00e1fico no autorizado de peticiones es posible cuando se ejecuta detr\u00e1s de un proxy que no maneja Content-Length y Transfer-Encoding apropiadamente o no maneja \\n como un separador de encabezados."}], "id": "CVE-2020-5207", "lastModified": "2020-02-04T14:41:15.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-01-27T20:15:10.980", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ktorio/ktor/pull/1547"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Secondary"}]}