Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
#146416 Ruby:HTTP Header injection in 'net/http'
Jun 24 2016 11:19AM
redrain root (rootredrain gmail com)
rootredrain submitted a report to Ruby.
I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.
http = Net::HTTP.new('192.168.30....
[ more ]
Copyright 2010, SecurityFocus