CVE-2020-25613

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in gem/webrick

Identifiers

CVE-2020-25613

Package Slug

gem/webrick

Vulnerability

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

Description

An issue was discovered in Ruby WEBrick, a simple HTTP server bundled with Ruby: it did not check the value of the Transfer-Encoding header rigorously. An attacker may potentially exploit this to bypass a reverse proxy (one that also performs a poor header check), which may lead to an HTTP request smuggling attack.
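
The check the description refers to, shown as an added Ruby example that is not WEBrick's own code: a lenient Transfer-Encoding test of the kind described sits next to a strict framing decision a server or proxy should make. The sample request heads are constructed, and parse_headers, lenient_chunked? and classify_body_framing are illustrative names.

```ruby
# Parse a raw request head into a hash of lowercased header names.
# Duplicate framing headers are rejected, since two different
# Content-Length or Transfer-Encoding values are another source of
# inconsistent interpretation between a proxy and the origin server.
def parse_headers(raw)
  lines = raw.split("\r\n")
  lines.shift # request line
  headers = {}
  lines.each do |line|
    break if line.empty?
    name, value = line.split(':', 2)
    name = name.strip.downcase
    if headers.key?(name) && %w[transfer-encoding content-length].include?(name)
      raise ArgumentError, "duplicate framing header: #{name}"
    end
    headers[name] = value.to_s.strip
  end
  headers
end

# Lenient check of the kind the advisory describes: any value containing
# "chunked" passes, so "xchunked" or "chunked, identity" are both accepted,
# while a stricter proxy in front may have read the same request differently.
def lenient_chunked?(te)
  !!(te && te =~ /chunked/i)
end

# Strict framing decision: Transfer-Encoding must be exactly "chunked"
# (case-insensitive) and must not be combined with Content-Length. RFC 7230
# allows a server to reject such a request; rejecting is the safe choice.
# Returns :chunked, :length or :none, raising ArgumentError otherwise.
def classify_body_framing(headers)
  te = headers['transfer-encoding']
  cl = headers['content-length']
  if te
    raise ArgumentError, 'both Transfer-Encoding and Content-Length present' if cl
    raise ArgumentError, "unsupported Transfer-Encoding: #{te}" unless te.casecmp?('chunked')
    return :chunked
  end
  if cl
    raise ArgumentError, "invalid Content-Length: #{cl}" unless cl.match?(/\A\d+\z/)
    return :length
  end
  :none
end

# Constructed sample request heads (not captured traffic).
CLEAN_REQ = "POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
ODD_REQ   = "POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: xchunked\r\n\r\n"
```

The lenient check accepts ODD_REQ as chunked while the strict one rejects it; the strict rule is the behaviour to expect from a patched server and from any proxy placed in front of it.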

Affected Versions

All versions up to 1.6.0

Solution

Upgrade to version 1.6.1 or above.

Last Modified

2020-10-22
