File tree Expand file tree Collapse file tree 1 file changed +29
-0
lines changed Expand file tree Collapse file tree 1 file changed +29
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ gem : webrick
3+ cve : 2025-6442
4+ ghsa : r995-q44h-hr64
5+ url : https://github.com/advisories/GHSA-r995-q44h-hr64
6+ title : Ruby WEBrick read_headers method can lead to
7+ HTTP Request/Response Smuggling
8+ date : 2025-06-26
9+ description : |
10+ Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
11+
12+ This vulnerability allows remote attackers to smuggle arbitrary HTTP
13+ requests on affected installations of Ruby WEBrick. This issue is
14+ exploitable when the product is deployed behind an HTTP proxy that
15+ fulfills specific conditions.
16+
17+ The specific flaw exists within the read_headers method. The issue
18+ results from the inconsistent parsing of terminators of HTTP headers.
19+ An attacker can leverage this vulnerability to smuggle arbitrary
20+ HTTP requests. Was ZDI-CAN-21876.
21+ cvss_v3 : 6.5
22+ patched_versions :
23+ - " >= 1.8.2"
24+ related :
25+ url :
26+ - https://nvd.nist.gov/vuln/detail/CVE-2025-6442
27+ - https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864
28+ - https://www.zerodayinitiative.com/advisories/ZDI-25-414
29+ - https://github.com/advisories/GHSA-r995-q44h-hr64
You can’t perform that action at this time.
0 commit comments