CVE-2024-47220 | WEBrick Toolkit up to 1.8.1 on Ruby HTTP Request /admin Content-Length/Transfer-Encoding request smuggling (Issue 145)

Posted by Angelo Barbosa | Sep 22, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in WEBrick Toolkit up to 1.8.1 on Ruby. This issue affects some unknown processing of the file /admin of the component HTTP Request Handler. The manipulation of the argument Content-Length/Transfer-Encoding leads to http request smuggling.

The identification of this vulnerability is CVE-2024-47220. The attack may be initiated remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-47220 | WEBrick Toolkit up to 1.8.1 on Ruby HTTP Request /admin Content-Length/Transfer-Encoding request smuggling (Issue 145)

Related Posts

CVE-2024-21985 | NetApp ONTAP REST API privileges management (ntap-20240126-0001)

CVE-2024-31493 | Fortinet FortiSOAR up to 7.0.3/7.2.2/7.3.0 HTTP Response unknown vulnerability (FG-IR-24-052)

CVE-2024-21827 | TP-LINK ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421 Network Request cli_server debug code (TALOS-2024-1947)

CVE-2023-52039 | Totolink X6000R 9.4.0cu.852_B20230719 sub_415AA4 Privilege Escalation