Bug 745636 (CVE-2011-3624)

Summary: CVE-2011-3624 Ruby WEBrick::HTTPRequest X-Forwarded-* allows arbitrary data
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: vdanen, vondruch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-11 08:37:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 809206    
Bug Blocks:    

Comment 1 Kurt Seifried 2011-10-12 21:39:42 UTC
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2-p290 and
1.8.7-p352 and earlier and do not validate the X-Forwarded-For,
X-Forwarded-Host and X-Forwarded-Server headers in requests, which might
allow remote attackers to inject arbitrary text into log files or bypass
intended address parsing via a crafted header.

https://redmine.ruby-lang.org/issues/5418

Rating is low due to limited impact (log file corruption/etc.), exploitation via another user requires man in the middle or control of a web proxy used by the user.