CVE-2020-25613: Make it more strict to interpret some headers · ruby/webrick@8946bb3
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
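As an added example, not part of this commit or of WEBrick's own code, the Ruby below places the pre-fix substring patterns beside the anchored patterns this commit introduces and lists the constructed header values on which the two checks disagree, i.e. the values a lenient front-end parser and a strict back-end parser would frame differently. The version comparison on plain strings and the fallback to HTTP/1.1's persistent-connection default are simplifications assumed by the example, not a description of WEBrick's other branches.

```ruby
# Added example (not WEBrick code): contrast the pre-fix substring match with the
# anchored match introduced by this commit, over constructed header values.

# Pre-fix patterns: the token anywhere inside the value is enough to match.
LENIENT = {
  chunked:    /chunked/io,
  close:      /close/io,
  keep_alive: /keep-alive/io,
}.freeze

# Post-fix patterns: the whole value must be exactly the token, case-insensitive.
# \A and \z anchor to the real start and end of the string (unlike \Z or $,
# which still accept a trailing newline).
STRICT = {
  chunked:    /\Achunked\z/io,
  close:      /\Aclose\z/io,
  keep_alive: /\Akeep-alive\z/io,
}.freeze

# Three outcomes for a Transfer-Encoding value, mirroring read_body:
#   :none            no header, body is framed by Content-Length (or absent)
#   :chunked         read a chunked body
#   :not_implemented any other coding is refused with 501
def body_framing(transfer_encoding, patterns)
  return :none if transfer_encoding.nil?
  patterns[:chunked].match?(transfer_encoding) ? :chunked : :not_implemented
end

# Keep-alive decision for a Connection value. When neither token matches,
# this example assumes the HTTP/1.1 default (persistent) and the HTTP/1.0
# default (not persistent); http_version is a plain string such as "1.1".
def keep_alive?(connection, http_version, patterns)
  if connection && patterns[:close].match?(connection)
    false
  elsif connection && patterns[:keep_alive].match?(connection)
    true
  else
    http_version >= "1.1"
  end
end

# Values on which the lenient and strict checks disagree. A front end that
# frames the body with the lenient rule and a back end that frames it with
# the strict rule (or vice versa) would read different request boundaries
# for these values, which is the disagreement that makes smuggling possible.
def disagreements(values, key)
  values.select { |v| LENIENT[key].match?(v) != STRICT[key].match?(v) }
end

# Constructed sample header values (not taken from any real traffic).
TE_SAMPLES = ["chunked", "CHUNKED", "xchunked", "chunked ", "gzip, chunked", "identity"].freeze
CONN_SAMPLES = ["close", "keep-alive", "keep-alive, Upgrade", "close, Upgrade", "Keep-Alive"].freeze

if __FILE__ == $0
  puts "Transfer-Encoding values framed differently: #{disagreements(TE_SAMPLES, :chunked).inspect}"
  puts "Connection values with 'close' read differently: #{disagreements(CONN_SAMPLES, :close).inspect}"
  puts "Connection values with 'keep-alive' read differently: #{disagreements(CONN_SAMPLES, :keep_alive).inspect}"
end
```

Running the file prints the three disagreement lists; the Transfer-Encoding one is `["xchunked", "chunked ", "gzip, chunked"]`, which the old server would have decoded as chunked and the fixed server answers with NotImplemented.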
@@ -227,9 +227,9 @@ def parse(socket=nil)
raise HTTPStatus::BadRequest, “bad URI `#{@unparsed_uri}’.”
end
if /close/io =~ self[“connection”]
if /\Aclose\z/io =~ self[“connection”]
@keep_alive = false
elsif /keep-alive/io =~ self[“connection”]
elsif /\Akeep-alive\z/io =~ self[“connection”]
@keep_alive = true
elsif @http_version < “1.1”
@keep_alive = false
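Review bot: the anchored `/\Aclose\z/io` and `/\Akeep-alive\z/io` no longer match a Connection header that carries more than one token, e.g. `Connection: keep-alive, Upgrade`, which HTTP/1.1 allows because Connection is a comma-separated list of tokens; such requests now fall through to the version-based default in the `elsif @http_version < "1.1"` branch. If that is intended, a short comment saying so would help future readers; otherwise split the value on commas, strip each token, and compare each token against `/\Aclose\z/io` and `/\Akeep-alive\z/io`.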
@@ -508,7 +508,7 @@ def read_body(socket, block)
return unless socket
if tc = self[‘transfer-encoding’]
case tc
when /chunked/io then read_chunked(socket, block)
when /\Achunked\z/io then read_chunked(socket, block)
else raise HTTPStatus::NotImplemented, “Transfer-Encoding: #{tc}.”
end
elsif self[‘content-length’] || @remaining_size
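Review bot: with `when /\Achunked\z/io` a value such as `gzip, chunked` (several codings with chunked last, which HTTP/1.1 permits) now takes the `else` branch and raises `HTTPStatus::NotImplemented`; that is the right fail-closed outcome for a server that cannot decode the other codings, but a comment stating that lists are rejected deliberately would make the intent clear. `\z` is the correct end anchor here: `\Z` or `$` would still accept a value with a trailing newline, which is exactly the kind of slack this change is meant to remove.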