Lucene search
K

594 matches found

SUSE CVE
SUSE CVE
added 2026/07/04 2:19 a.m.13 views

SUSE CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...

7.5CVSS6.1AI score0.00352EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-38969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that Th...

6.1AI score0.00352EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/03 11:3 a.m.11 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

6.5CVSS5.9AI score0.00352EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/02 10:17 p.m.8 views

HTTP Request Smuggling

Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the request process. An attacker can bypass request boundaries and interfere with HTTP...

6.9CVSS6AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 9:16 p.m.3 views

DEBIAN-CVE-2026-38969

Bulletin has no description...

6.1AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 9:16 p.m.9 views

CVE-2026-38969

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

0.00352EPSS
Exploits0
OSV
OSV
added 2026/07/02 9:16 p.m.4 views

UBUNTU-CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00352EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.37 views

CVE-2026-38969

...

0.00352EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-38969

...

6.1AI score0.00352EPSS
Exploits0
RubySec
RubySec
added 2026/07/02 12:0 a.m.6 views

ruby webrick through v1.9.2 WEBrick reparses trailer

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00352EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/02 12:0 a.m.9 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...

7.5CVSS6.1AI score0.00352EPSS
Exploits0
CVE
CVE
added 2026/07/02 12:0 a.m.33 views

CVE-2026-38969

CVE-2026-38969 entry is rejected/not used and does not represent an active vulnerability.

6.1AI score0.00352EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:0 a.m.6 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

5.8AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve...

7.5CVSS6.1AI score0.00352EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in JRuby

Versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4 allow HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit this to insert a newline character to split the header, thereby injecting malicious content to...

5.3CVSS6.5AI score0.04569EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in JRuby

A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...

7.5CVSS6.6AI score0.03849EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in JRuby

Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...

5.3CVSS6.8AI score0.0576EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017492 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the...

7.5CVSS7.1AI score0.03849EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.6AI score0.03849EPSS
Exploits0References5
Rows per page
Query Builder