216.73.217.47

CVE-2025-6442

· Published 25/06/2025 17:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-6442 2025-06-25CVE-2025-6442CWE-444[email protected]

Essential information

Published
25/06/2025 17:15
Modified
26/06/2025 18:57
Author
Creator
CVSS
6.5 MEDIUM (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

CVSS metrics

Description

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ruby / webrick cpe:2.3:a:ruby:webrick:*:*:*:*:*:*:*:*

References