Ruby on Rails 'WEBrick::HTTPRequest' Module HTTP Header Injection Vulnerability

Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input.

By inserting arbitrary data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.

NOTE: This issue only affects requests sent from clients on the same subnet as the server.

Ruby on Rails 3.0.5 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus