594 matches found
SUSE CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...
Linux Distros Unpatched Vulnerability : CVE-2026-38969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that Th...
CVE-2026-38969
A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...
HTTP Request Smuggling
Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...
DEBIAN-CVE-2026-38969
Bulletin has no description...
CVE-2026-38969
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
UBUNTU-CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...
CVE-2026-38969
...
CVE-2026-38969
...
ruby webrick through v1.9.2 WEBrick reparses trailer
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...
CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...
CVE-2026-38969
CVE-2026-38969 entry is rejected/not used and does not represent an active vulnerability.
CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...
CVE-2026-38969
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...
Astra Linux – Vulnerability in JRuby
Versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4 allow HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit this to insert a newline character to split the header, thereby injecting malicious content to...
Astra Linux – Vulnerability in JRuby
A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...
Astra Linux – Vulnerability in JRuby
Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017492)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017492 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the...
ruby: HTTP response splitting in WEBrick
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...