CNNVD-202506-3196 Information
CNNVD ID
CNNVD-202506-3196
Related CVE
- CNNVD Published: 2025-06-25
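Description (translated from Chinese)
Webrick is an open-source HTTP server toolkit from The Ruby Programming Language. Webrick contains an environment issue vulnerability that stems from inconsistent parsing of HTTP header terminators in the read_headers method, which may lead to HTTP request smuggling attacks.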
Description (English)
Webrick is an open-source HTTP server toolkit from The Ruby Programming Language. Webrick has an environment issue vulnerability, which stems from inconsistent parsing of HTTP header terminators in the read_headers method and may lead to an HTTP request smuggling attack.
Hazard Level
High
Vulnerability Type
Environment issue
Affected Vendor
THE THINGS INDUSTRIES
Published
2025-06-25
Last Modified
2026-02-24
References
https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101#diff-ad02984d873efb089aa51551bc6b7d307a53e0ba1ac439e91d69c2e58a478864
https://www.zerodayinitiative.com/advisories/ZDI-25-414/
https://vigilance.fr/vulnerability/Ruby-WEBrick-header-injection-via-read-headers-47893
https://nvd.nist.gov/vuln/detail/CVE-2025-6442
Patch
https://github.com/ruby/webrick/releases