Amazon Linux AMI : ruby24 (ALAS-2020-1451)

Description

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1451 advisory.

- An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

