Remote Code Injection Vulnerability in WEBrick HTTP Server by Ruby
CVE-2011-3624

5.3MEDIUM

Key Information:

Vendor

Ruby

Status
Ruby
Vendor
CVE Published:
26 November 2019

What is CVE-2011-3624?

WEBrick, a simple HTTP server included with Ruby, suffers from a vulnerability that arises from inadequate validation of the X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server headers. This can be exploited by remote attackers to inject arbitrary content into log files or to bypass standard address parsing mechanisms through crafted requests. Such weaknesses can lead to potential security breaches if not properly addressed.

Affected Version(s)

Ruby 1.9.2

Ruby 1.8.7 and earlier

References

https://security-tracker.debian.org/tracker/CVE-2011-3624
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-3624
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.