USN-7057-1: WEBrick vulnerability
7 October 2024
WEBrick could allow a HTTP request smuggling attack.
Releases
Packages
- ruby-webrick - HTTP server toolkit in Ruby
Details
It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
In general, a standard system update will make all the necessary changes.