CVE-2020-25613

HIGH LAB

Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25613. PoCs published by metapox.

AI-analyzed exploit summary This PoC demonstrates an HTTP request smuggling attack (CVE-2020-25613) by sending a malformed chunked request to bypass front-end security controls and access a restricted endpoint (/flag). The Ruby server simulates the vulnerable backend behavior.

Description

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

Exploits (1)

nomisec WORKING POC

by metapox · poc

https://github.com/metapox/CVE-2020-25613

View Code ZIP pw:eip

This PoC demonstrates an HTTP request smuggling attack (CVE-2020-25613) by sending a malformed chunked request to bypass front-end security controls and access a restricted endpoint (/flag). The Ruby server simulates the vulnerable backend behavior.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Dell EMC iDRAC9 versions prior to 4.40.40.00

No auth needed

Prerequisites: Network access to the target server · Vulnerable iDRAC9 instance

MITRE ATT&CK