AZL-64367

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64367.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-64367

Upstream

CVE-2025-6442

Published

2025-06-25T17:15:40Z

Modified

2026-04-01T05:20:18.039346Z

Summary

CVE-2025-6442 affecting package rubygem-webrick for versions less than 1.7.0-2

Details

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6442

Affected packages

Azure Linux:2 / rubygem-webrick

Package

Name: rubygem-webrick
Purl: pkg:rpm/azure-linux/rubygem-webrick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64367.json"