BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
#146416 Ruby:HTTP Header injection in 'net/http' Jun 24 2016 11:19AM
redrain root (rootredrain gmail com)
TIMELINE
rootredrain submitted a report to Ruby.

show raw
Jun 22nd

Hi,

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30....

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus