Lucene search

K
cveMitreCVE-2020-25613
HistoryOct 06, 2020 - 1:15 p.m.

CVE-2020-25613

2020-10-0613:15:13
CWE-444
mitre
web.nvd.nist.gov
492
ruby
http
request smuggling
cve-2020-25613
security
vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

73.3%

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

Affected configurations

Nvd
Node
ruby-langrubyRange2.5.8
OR
ruby-langrubyRange2.6.02.6.6
OR
ruby-langrubyRange2.7.02.7.1
OR
ruby-langwebrickRange1.6.0ruby
Node
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
VendorProductVersionCPE
ruby-langruby*cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
ruby-langwebrick*cpe:2.3:a:ruby-lang:webrick:*:*:*:*:*:ruby:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

73.3%