author Nobuyoshi Nakada <nobu@ruby-lang.org> 2019-03-09 19:53:51 +0900
committer Hiroshi SHIBATA <hsbt@ruby-lang.org> 2019-06-24 10:11:47 +0900
commit 11a60f9bdb486b5173946a7eb11b41e5f75a28cd
tree 9f08b42546cb6fd27d6ad04216e98919d59f04de /lib
parent 97a7f463f683774f054f9d7dafc3756aad39dd1c
Remove extraneous spaces at the end of status line

Remove extraneous spaces after the status code that is non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary confusion for WEBrick users, by a risk that WEBrick instances in the wild will have server responses flagged as suspicious or malicious due to a similar bug in [Cobalt Strike misconfiguration].

Reported by Matt Tennis <mtennis@paloaltonetworks.com>

[Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/

Diffstat (limited to 'lib')
-rw-r--r-- lib/webrick/httpresponse.rb 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 41a2510e6f..f206a05ce9 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -119,7 +119,7 @@ module WEBrick
# The response's HTTP status line
def status_line
- "HTTP/#@http_version #@status #@reason_phrase #{CRLF}"
+ "HTTP/#@http_version #@status #@reason_phrase".rstrip << CRLF
end
##
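Review bot: on the `+` line, `.rstrip` runs over the whole interpolated string rather than over the reason phrase alone, so when `@reason_phrase` is nil or empty it also removes the separator space after `#@status` and the line becomes, for example, `HTTP/1.1 200` followed by CRLF. The status-line grammar in RFC 7230 section 3.1.2 (`HTTP-version SP status-code SP reason-phrase CRLF`) keeps that SP even when the reason phrase is empty, so consider trimming only `@reason_phrase`, or state in the `# The response's HTTP status line` comment that trailing whitespace is stripped on purpose. A test that pins `status_line` for both a normal and an empty reason phrase would keep the trailing-space fingerprint from coming back.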