webrick is vulnerable to HTTP request smuggling. The vulnerability exists as the request parser allows invalid Transfer-Encoding header values of close and keep-alive to be parsed and interpreted incorrectly.

CPENameOperatorVersion
webrickle1.6.0
jruby:stretcheq1.7.26-1+deb9u1
ruby2.5:bustereq2.5.5-3+deb10u2
ruby2.3:stretcheq2.3.3-1+deb9u8
ruby:3.11eq2.6.6-r2
ruby:3.10eq2.5.7-r0
ruby:3.10eq2.5.8-r0
ruby:3.12eq2.7.1-r3
ruby:edgeeq2.7.1-r3
ruby:edgeeq2.6.6-r4

Name	Operator	Version
webrick	le	1.6.0
jruby:stretch	eq	1.7.26-1+deb9u1
ruby2.5:buster	eq	2.5.5-3+deb10u2
ruby2.3:stretch	eq	2.3.3-1+deb9u8
ruby:3.11	eq	2.6.6-r2
ruby:3.10	eq	2.5.7-r0
ruby:3.10	eq	2.5.8-r0
ruby:3.12	eq	2.7.1-r3
ruby:edge	eq	2.7.1-r3
ruby:edge	eq	2.6.6-r4

Rows per page:

1-10 of 691

References

github.com/ruby/webrick/commit/076ac636bf48b7a492887ce4de7041de23e6c00d

github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7

hackerone.com/reports/965267

lists.fedoraproject.org/archives/list/[email protected]/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/

lists.fedoraproject.org/archives/list/[email protected]/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/

security.netapp.com/advisory/ntap-20210115-0008/

www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

nessus 51

osv 13

cbl_mariner 1

openvas 22

fedora 2

cvelist 1

nvd 1

debiancve 1

amazon 5

suse 1

alpinelinux 1

prion 1

debian 3

cve 1

redhatcve 1

ubuntucve 1

mageia 2

github 1

oraclelinux 3

almalinux 3

redhat 8

rocky 3

cloudfoundry 1

ubuntu 1

photon 5

ibm 1

gentoo 1

rosalinux 1

nessus

Debian DLA-2392-1 : jruby security update

2020-10-05 00:00:00

Amazon Linux AMI : ruby24 (ALAS-2020-1451)

2020-11-18 00:00:00

Photon OS 2.0: Ruby PHSA-2020-2.0-0295

2020-11-18 00:00:00

osv

WEBRick vulnerable to HTTP Request/Response Smuggling

2022-05-24 17:30:10

ruby2.3 - security update

2020-10-01 00:00:00

jruby - security update

2020-10-01 00:00:00

cbl_mariner

CVE-2020-25613 affecting package ruby 2.6.6-4

2020-11-30 19:30:48

openvas

SUSE: Security Advisory (SUSE-SU-2021:0933-1)

2021-04-19 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2020-02ca18c2a0)

2020-10-16 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-2322)

2020-11-02 00:00:00

fedora

[SECURITY] Fedora 33 Update: ruby-2.7.2-135.fc33

2020-10-23 22:25:31

[SECURITY] Fedora 32 Update: ruby-2.7.2-135.fc32

2020-10-15 22:33:53

cvelist

CVE-2020-25613

2020-10-06 00:00:00

nvd

CVE-2020-25613

2020-10-06 13:15:13

debiancve

CVE-2020-25613

2020-10-06 13:15:13

amazon

Medium: ruby20

2021-01-12 22:51:00

Medium: ruby24

2020-11-14 01:23:00

Medium: ruby20

2020-12-16 20:31:00

suse

Security update for ruby2.5 (important)

2021-03-25 00:00:00

alpinelinux

CVE-2020-25613

2020-10-06 13:15:13

prion

Authorization

2020-10-06 13:15:00

debian

[SECURITY] [DLA 2392-1] jruby security update

2020-10-01 15:52:45

[SECURITY] [DLA 2391-1] ruby2.3 security update

2020-10-01 15:50:18

[SECURITY] [DLA 3408-1] jruby security update

2023-04-30 20:58:08

cve

CVE-2020-25613

2020-10-06 13:15:13

redhatcve

CVE-2020-25613

2020-09-29 18:18:27

ubuntucve

CVE-2020-25613

2020-10-06 00:00:00

mageia

Updated ruby packages fix a security vulnerability

2020-11-14 00:20:36

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

github

WEBRick vulnerable to HTTP Request/Response Smuggling

2022-05-24 17:30:10

oraclelinux

ruby:2.7 security, bug fix, and enhancement update

2021-07-07 00:00:00

ruby:2.5 security, bug fix, and enhancement update

2021-07-02 00:00:00

ruby:2.6 security, bug fix, and enhancement update

2021-07-07 00:00:00

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

Moderate: ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

redhat

(RHSA-2021:2229) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update

2021-06-03 07:45:19

(RHSA-2021:2584) Moderate: ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

rocky

ruby:2.7 security, bug fix, and enhancement update

2021-06-29 13:57:50

ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

cloudfoundry

USN-4882-1: Ruby vulnerabilities | Cloud Foundry

2021-04-14 00:00:00

ubuntu

Ruby vulnerabilities

2021-03-18 00:00:00

photon

Important Photon OS Security Update - PHSA-2020-0163

2020-11-19 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0295

2020-11-12 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0163

2020-11-19 00:00:00

ibm

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

2021-10-13 14:44:47

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

rosalinux

Advisory ROSA-SA-2021-1966

2021-07-02 18:06:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for VERACODE:27282