Описание
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-17742
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released
- https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742
- https://www.debian.org/security/2018/dsa-4259
- https://usn.ubuntu.com/3685-1
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
- https://access.redhat.com/errata/RHSA-2019:2028
- https://access.redhat.com/errata/RHSA-2018:3731
- https://access.redhat.com/errata/RHSA-2018:3730
- https://access.redhat.com/errata/RHSA-2018:3729
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- http://www.securityfocus.com/bid/103684
- http://www.securitytracker.com/id/1042004
Связанные уязвимости
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...
Уязвимость библиотеки WEBrick интерпретатора языка программирования Ruby, позволяющая нарушителю внедрить произвольные HTTP-заголовки