CVE-2020-25613 – ruby: Potential HTTP request smuggling in WEBrick
https://notcve.org/view.php?id=CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. Se detectó un problema en Ruby versiones hasta 2.5.8, versiones 2.6.x hasta 2.6.6 y versiones 2.7.x hasta 2.7.1. WEBrick, un simple servidor HTTP integrado con Ruby, no había comprobado rigurosamente el valor del encabezado transfer-encoding. • https://github.com/metapox/CVE-2020-25613 https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7 https://hackerone.com/reports/965267 https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV https://security.gentoo.org/glsa/202401-27 https://sec • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-11879
https://notcve.org/view.php?id=CVE-2019-11879
The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem. ** EN DISPUTA ** La WEBrick gem versión 1.4.2 para Ruby permite salto de directorio si el atacante alguna vez tuvo acceso local para crear un enlace simbólico a una ubicación fuera del directorio web root. NOTA: El proveedor declara que esto es similar a las Opciones FollowSymlinks en el Servidor HTTP de Apache, y por lo tanto "no es un problema". • https://bugs.ruby-lang.org/issues/15835 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •