Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25613

Опубликовано: 29 сент. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5rubyWill not fix
Red Hat 3scale API Management Platform 2ruby-rackWill not fix
Red Hat 3scale API Management Platform 2systemWill not fix
Red Hat Enterprise Linux 5rubyOut of support scope
Red Hat Enterprise Linux 6rubyOut of support scope
Red Hat Enterprise Linux 7rubyWill not fix
Red Hat Enterprise Linux 8rubyFixedRHSA-2021:258429.06.2021
Red Hat Enterprise Linux 8rubyFixedRHSA-2021:258729.06.2021
Red Hat Enterprise Linux 8rubyFixedRHSA-2021:258829.06.2021
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsrubyFixedRHSA-2022:058121.02.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-444
https://bugzilla.redhat.com/show_bug.cgi?id=1883623ruby: Potential HTTP request smuggling in WEBrick

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25613

CVSS3: 7.5
ubuntu
почти 5 лет назад

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

nvd логотип

CVE-2020-25613

CVSS3: 7.5
nvd
почти 5 лет назад

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

msrc логотип

CVE-2020-25613

CVSS3: 7.5
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-25613

CVSS3: 7.5
debian
почти 5 лет назад

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...

suse-cvrf логотип

openSUSE-SU-2021:0471-1

suse-cvrf
больше 4 лет назад

Security update for ruby2.5

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3