
HTTP Request Smuggling

Description

webrick is vulnerable to HTTP request smuggling. The request parser accepts the invalid `Transfer-Encoding` header values `close` and `keep-alive` and interprets them incorrectly.


Affected Software


CPE Name Name Version
webrick 1.6.0
webrick 1.3.1
jruby:stretch 1.7.26-1+deb9u1
ruby2.5:buster 2.5.5-3+deb10u2
ruby2.3:stretch 2.3.3-1+deb9u8
ruby:3.11 2.6.6-r2
ruby:3.10 2.5.7-r0
ruby:3.10 2.5.8-r0
ruby:3.12 2.7.1-r3
ruby:edge 2.6.6-r2
ruby:edge 2.6.5-r2
ruby:edge 2.6.6-r4
ruby:edge 2.7.1-r3
rh-ruby25-ruby 2.5.3__6.el7
rh-ruby25-ruby 2.5.5__7.el7
rh-ruby25-ruby 2.5.0__5.el7
rh-ruby26-ruby 2.6.2__118.el7
ruby 2.0.0.598__25.ael7b_1
ruby 1.8.7.352__10.el6_4
ruby 2.0.0.648__39.el7_9
ruby 1.8.5__5.el5
ruby 2.4.6__91.el7cf
ruby 1.8.5__27.el5
ruby 1.8.7.374__5.el6
ruby 1.8.5__19.el5_6.1
ruby 2.0.0.648__35.el7_6
ruby 1.8.7.352__6.el6
ruby 2.4.9__93.el7cf
ruby 1.8.5__31.el5_9
ruby 1.8.7.374__3.el6_6
ruby 1.8.7.352__13.el6
ruby 1.8.5__29.el5_9
ruby 1.8.5__24.el5
ruby 1.8.7.352__3.el6
ruby 1.8.7.352__12.el6_4
ruby 1.8.5__5.el5_1.1
ruby 1.8.7.299__5.el6_0.1
ruby 1.8.7.299__7.el6_1.1
ruby 1.8.7.299__4.el6
ruby 2.4.5__90.el7cf
ruby 1.8.7.352__4.el6_2
ruby 1.8.5__5.el5_4.8
ruby 1.8.5__5.el5_2.5
ruby 1.8.5__5.el5_2.6
ruby 1.8.7.299__7.el6
ruby 1.8.7.374__4.el6_6
ruby 2.0.0.648__36.el7
ruby 2.0.0.648__34.el7_6
ruby 1.8.7.374__2.el6
ruby 1.8.5__5.el5_2.3
ruby 1.8.5__5.el5_3.7
ruby 1.8.5__22.el5_7.1
ruby 1.8.7.352__7.el6_2

Related