An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the Transfer-Encoding header value. An attacker may exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
                
Information
Published : 2020-10-06 13:15
Updated : 2024-11-21 05:18
NVD link : CVE-2020-25613
Mitre link : CVE-2020-25613
CVE.ORG link : CVE-2020-25613
Products Affected
ruby-lang
- webrick
- ruby
fedoraproject
- fedora
CWE
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
