Description
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ruby | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | ruby-rack | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | system | Will not fix | | |
| Red Hat Enterprise Linux 5 | ruby | Out of support scope | | |
| Red Hat Enterprise Linux 6 | ruby | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ruby | Will not fix | | |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2584 | 29.06.2021 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2587 | 29.06.2021 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2588 | 29.06.2021 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | ruby | Fixed | RHSA-2022:0581 | 21.02.2022 |
Additional information
Status:
7.5 High
CVSS3