Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-25613 - Vulnerability Database
Ruby

Ruby Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-25613

High
Reference: CVE-2020-25613
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25613
Title: Ruby Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Overview:

An issue was discovered in Ruby through 2.5.8 2.6.x through 2.6.6 and 2.7.x through 2.7.1. WEBrick a simple HTTP server bundled with Ruby had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check) which may lead to an HTTP Request Smuggling attack.