An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

References

github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7

hackerone.com/reports/965267

lists.debian.org/debian-lts-announce/2023/04/msg00033.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/

security.gentoo.org/glsa/202401-27

security.netapp.com/advisory/ntap-20210115-0008/

www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

nessus 51

suse 1

osv 13

openvas 22

amazon 5

prion 1

debian 3

alpinelinux 1

cve 1

veracode 1

fedora 2

debiancve 1

cbl_mariner 1

nvd 1

redhatcve 1

mageia 2

ubuntucve 1

github 1

redhat 8

rocky 3

oraclelinux 3

almalinux 3

cloudfoundry 1

ubuntu 1

photon 5

gentoo 1

ibm 1

rosalinux 1

nessus

Amazon Linux AMI : ruby20 (ALAS-2020-1467) (deprecated)

2020-12-19 00:00:00

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2021:0933-1)

2021-03-26 00:00:00

Photon OS 1.0: Ruby PHSA-2020-1.0-0338

2020-11-19 00:00:00

suse

Security update for ruby2.5 (important)

2021-03-25 00:00:00

osv

ruby2.3 - security update

2020-10-01 00:00:00

jruby - security update

2020-10-01 00:00:00

BIT-ruby-2020-25613

2024-03-06 11:06:01

openvas

openSUSE: Security Advisory for ruby2.5 (openSUSE-SU-2021:0471-1)

2021-04-16 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2020-fe2a7d7390)

2020-10-24 00:00:00

Debian: Security Advisory (DLA-2391-1)

2020-10-02 00:00:00

amazon

Medium: ruby24

2020-11-14 01:23:00

Medium: ruby20

2021-01-12 22:51:00

Medium: ruby20

2020-12-16 20:31:00

prion

Authorization

2020-10-06 13:15:00

debian

[SECURITY] [DLA 2392-1] jruby security update

2020-10-01 15:53:03

[SECURITY] [DLA 2391-1] ruby2.3 security update

2020-10-01 15:50:41

[SECURITY] [DLA 3408-1] jruby security update

2023-04-30 20:58:33

alpinelinux

CVE-2020-25613

2020-10-06 13:15:13

cve

CVE-2020-25613

2020-10-06 13:15:13

veracode

HTTP Request Smuggling

2020-09-30 00:35:20

fedora

[SECURITY] Fedora 33 Update: ruby-2.7.2-135.fc33

2020-10-23 22:25:31

[SECURITY] Fedora 32 Update: ruby-2.7.2-135.fc32

2020-10-15 22:33:53

debiancve

CVE-2020-25613

2020-10-06 13:15:13

cbl_mariner

CVE-2020-25613 affecting package ruby 2.6.6-4

2020-11-30 19:30:48

nvd

CVE-2020-25613

2020-10-06 13:15:13

redhatcve

CVE-2020-25613

2020-09-29 18:18:27

mageia

Updated ruby packages fix a security vulnerability

2020-11-14 00:20:36

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

ubuntucve

CVE-2020-25613

2020-10-06 00:00:00

github

WEBRick vulnerable to HTTP Request/Response Smuggling

2022-05-24 17:30:10

redhat

(RHSA-2021:2229) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update

2021-06-03 07:45:19

(RHSA-2021:2584) Moderate: ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

(RHSA-2021:2104) Moderate: rh-ruby25-ruby security, bug fix, and enhancement update

2021-05-25 12:17:56

rocky

ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

oraclelinux

ruby:2.7 security, bug fix, and enhancement update

2021-07-07 00:00:00

ruby:2.5 security, bug fix, and enhancement update

2021-07-02 00:00:00

ruby:2.6 security, bug fix, and enhancement update

2021-07-07 00:00:00

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

Moderate: ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

cloudfoundry

USN-4882-1: Ruby vulnerabilities | Cloud Foundry

2021-04-14 00:00:00

ubuntu

Ruby vulnerabilities

2021-03-18 00:00:00

photon

Important Photon OS Security Update - PHSA-2020-0163

2020-11-19 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0163

2020-11-19 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0295

2020-11-12 00:00:00

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

2021-10-13 14:44:47

rosalinux

Advisory ROSA-SA-2021-1966

2021-07-02 18:06:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVELIST:CVE-2020-25613