CVE-2024-47220 - WEBrick HTTP Request Smuggling

2 months ago 28
ARTICLE AD BOX
CVE ID : CVE-2024-47220
Published : Sept. 22, 2024, 1:15 a.m. | 24 minutes ago
Description : An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article