The host is installed with Ruby 2.3 or earlier, 2.4.x through 2.4.7, 2.5.x through 2.5.6 or 2.6.x through 2.6.4 and is prone to an HTTP response splitting vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. An attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients.