Wind River Support Network

Fixed

LIN1019-5493 : Security Advisory - ruby - CVE-2020-25613

Created: Oct 11, 2020    Updated: Jan 4, 2021
Resolved Date: Dec 25, 2020
Found In Version: 10.19.45.1
Fix Version: 10.19.45.15
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
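The gap between a loose and a strict Transfer-Encoding check, as an added Ruby example that is not WEBrick's code or the shipped fix. All method names, the BadFraming class and the sample header values are constructed for illustration, and rejecting Transfer-Encoding together with Content-Length is a strictness choice assumed here.

```ruby
# Added illustration; hypothetical names, not WEBrick's code.
class BadFraming < StandardError; end

# Lenient check of the kind the advisory warns about: any value that merely
# contains "chunked" is treated as chunked encoding.
def loose_chunked?(value)
  value.to_s.match?(/chunked/i)
end

# Strict check: only the single token "chunked" (optional surrounding
# space/tab, case-insensitive) is accepted.
def strict_chunked?(value)
  value.to_s.match?(/\A[ \t]*chunked[ \t]*\z/i)
end

# Decide how a request body is framed from [name, value] header pairs.
# Returns :chunked, :length or :none; raises BadFraming on anything ambiguous
# so the request can be answered with 400 and the connection closed.
def body_framing(headers)
  te = headers.select { |n, _| n.casecmp?("transfer-encoding") }.map(&:last)
  cl = headers.select { |n, _| n.casecmp?("content-length") }.map(&:last)
  raise BadFraming, "repeated Transfer-Encoding" if te.size > 1
  raise BadFraming, "conflicting Content-Length" if cl.uniq.size > 1
  unless te.empty?
    raise BadFraming, "unsupported Transfer-Encoding" unless strict_chunked?(te.first)
    raise BadFraming, "Transfer-Encoding with Content-Length" unless cl.empty?
    return :chunked
  end
  return :none if cl.empty?
  raise BadFraming, "malformed Content-Length" unless cl.first.match?(/\A\d+\z/)
  :length
end

# Constructed sample values: those the loose check accepts but the strict one
# rejects are where two HTTP parsers in a chain can disagree on body length.
SAMPLES = ["chunked", "Chunked", " chunked\t", "xchunked", "chunked, identity", "identity"].freeze

def disagreements(values = SAMPLES)
  values.select { |v| loose_chunked?(v) && !strict_chunked?(v) }
end

if __FILE__ == $PROGRAM_NAME
  puts "loose-only matches: #{disagreements.inspect}"
end
```
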

Reference: CVE-2020-25613 - https://nvd.nist.gov/vuln/detail/CVE-2020-25613
