USN-7057-2: WEBrick vulnerability
8 October 2024
WEBrick could allow a HTTP request smuggling attack.
Releases
Packages
- ruby-webrick - HTTP server toolkit in Ruby
Details
USN-7057-1 fixed a vulnerability in WEBrick. This update provides the
corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.