Описание
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | vulnerable code not present |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/noble | not-affected | vulnerable code not present |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | needed | |
| jammy | DNE | |
| noble | not-affected | vulnerable code not present |
| plucky | not-affected | vulnerable code not present |
| questing | not-affected | vulnerable code not present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.9.1-1 |
| esm-apps/jammy | DNE | |
| jammy | released | 1.7.0-3ubuntu0.2 |
| noble | released | 1.8.1-1ubuntu0.2 |
| oracular | ignored | end of life, was needs-triage |
| plucky | released | 1.8.1-1ubuntu1.1 |
| questing | released | 1.9.1-1 |
| upstream | released | 1.9.1-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/xenial | released | 2.3.1-2~ubuntu16.04.16+esm11 |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/bionic | released | 2.5.1-1ubuntu1.16+esm6 |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | released | 2.7.0-5ubuntu1.18+esm3 |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
5.9 Medium
CVSS3
Связанные уязвимости
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vu ...
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling
5.9 Medium
CVSS3