Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 00:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html - Broken Link, Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/29232 - Not Applicable, Vendor Advisory | |
References | () http://secunia.com/advisories/29357 - Not Applicable, Vendor Advisory | |
References | () http://secunia.com/advisories/29536 - Not Applicable | |
References | () http://secunia.com/advisories/30802 - Not Applicable | |
References | () http://secunia.com/advisories/31687 - Not Applicable | |
References | () http://secunia.com/advisories/32371 - Not Applicable | |
References | () http://support.apple.com/kb/HT2163 - Third Party Advisory | |
References | () http://wiki.rpath.com/Advisories:rPSA-2008-0123 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 - Broken Link | |
References | () http://www.kb.cert.org/vuls/id/404515 - Third Party Advisory, US Government Resource | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0897.html - Third Party Advisory | |
References | () http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ - Exploit, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/489205/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/489218/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/490056/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/28123 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1019562 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2008/0787 - Permissions Required | |
References | () http://www.vupen.com/english/advisories/2008/1981/references - Permissions Required | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41010 - Third Party Advisory, VDB Entry | |
References | () https://issues.rpath.com/browse/RPL-2338 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 - Broken Link | |
References | () https://www.exploit-db.com/exploits/5215 - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html - Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html - Third Party Advisory |
01 Aug 2023, 18:58
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/490056/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/29357 - Not Applicable, Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html - Broken Link, Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/30802 - Not Applicable | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 - Broken Link | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/5215 - Exploit, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0787 - Permissions Required | |
References | (CONFIRM) http://support.apple.com/kb/HT2163 - Third Party Advisory | |
References | (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/29536 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/29232 - Not Applicable, Vendor Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 - Broken Link | |
References | (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2008-0123 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1981/references - Permissions Required | |
References | (CONFIRM) https://issues.rpath.com/browse/RPL-2338 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html - Third Party Advisory | |
References | (CONFIRM) http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ - Exploit, Patch, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41010 - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/489205/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/404515 - Third Party Advisory, US Government Resource | |
References | (BID) http://www.securityfocus.com/bid/28123 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1019562 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/31687 - Not Applicable | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/489218/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0897.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32371 - Not Applicable | |
CPE | cpe:2.3:a:ruby-lang:webrick:-:*:*:*:*:ruby:*:* cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* cpe:2.3:a:ruby-lang:ruby:1.9.0.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* |
Information
Published : 2008-03-04 23:44
Updated : 2024-11-21 00:43
NVD link : CVE-2008-1145
Mitre link : CVE-2008-1145
CVE.ORG link : CVE-2008-1145
JSON object : View
Products Affected
ruby-lang
- ruby
- webrick
fedoraproject
- fedora
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')