ID CVE-2008-1145
Summary Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
References
Vulnerable Configurations
  • cpe:2.3:a:webrick:webrick:1.8
    cpe:2.3:a:webrick:webrick:1.8
  • cpe:2.3:a:webrick:webrick:1.8_p114
    cpe:2.3:a:webrick:webrick:1.8_p114
  • cpe:2.3:a:webrick:webrick:1.8_p115
    cpe:2.3:a:webrick:webrick:1.8_p115
  • cpe:2.3:a:webrick:webrick:1.9
    cpe:2.3:a:webrick:webrick:1.9
  • cpe:2.3:a:webrick:webrick:1.9_1
    cpe:2.3:a:webrick:webrick:1.9_1
CVSS
Base: 5.0 (as of 05-03-2008 - 10:50)
Impact:
Exploitability:
CWE CWE-22
CAPEC
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability. CVE-2008-1145. Remote exploits for multiple platform
file exploits/multiple/remote/5215.txt
id EDB-ID:5215
last seen 2016-01-31
modified 2008-03-06
platform multiple
port
published 2008-03-06
reporter DSecRG
source https://www.exploit-db.com/download/5215/
title Ruby 1.8.6 Webrick Httpd 1.3.1 Directory Traversal Vulnerability
type remote
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2458.NASL
    description - Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users' scripts. Note that Net::HTTP#enable_post_connection_check isn't available anymore. If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE to Net::HTTP#verify_mode= instead of. - Mon Oct 15 2007 Akira TAGOH - 1.8.6.110-2 - Enable pthread support for ppc too. (#201452) - Fix unexpected dependencies appears in ruby-libs. (#253325) - Wed Oct 10 2007 Akira TAGOH - 1.8.6.110-1 - New upstream release. - ruby-r12567.patch: removed. - ruby-1.8.6-CVE-2007-5162.patch: security fix for Net::HTTP that is insufficient verification of SSL certificate. - Thu Aug 23 2007 Akira TAGOH - 1.8.6.36-4 - Rebuild - Fri Aug 10 2007 Akira TAGOH - Update License tag. - Wed Jul 25 2007 Akira TAGOH - 1.8.6.36-3 - ruby-r12567.patch: backport patch from upstream svn to get rid of the unnecessary declarations. (#245446) - Fri Jul 20 2007 Akira TAGOH - 1.8.6.36-2 - New upstream release. - Fix Etc::getgrgid to get the correct gid as requested. (#236647) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31433
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31433
    title Fedora 7 : ruby-1.8.6.114-1.fc7 (2008-2458)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2443.NASL
    description - Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users' scripts. Note that Net::HTTP#enable_post_connection_check isn't available anymore. If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE to Net::HTTP#verify_mode= instead of. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31432
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31432
    title Fedora 8 : ruby-1.8.6.114-1.fc8 (2008-2443)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-004.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33282
    published 2008-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33282
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_4.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33281
    published 2008-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33281
    title Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-5483.NASL
    description This update of ruby fixes : - a possible information leakage (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34028
    published 2008-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34028
    title openSUSE 10 Security Update : ruby (ruby-5483)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0897.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34502
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34502
    title CentOS 4 / 5 : ruby (CESA-2008:0897)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-5484.NASL
    description This update of ruby fixes : - a possible information leakage. (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling. (CVE-2008-2662 / CVE-2008-2663 / CVE-2008-2664 / CVE-2008-2725 / CVE-2008-2726 / CVE-2008-2727 / CVE-2008-2728)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34020
    published 2008-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34020
    title SuSE 10 Security Update : Ruby (ZYPP Patch Number 5484)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_RUBY-080729.NASL
    description This update of ruby fixes : - a possible information leakage (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40121
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40121
    title openSUSE Security Update : ruby (ruby-123)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12214.NASL
    description This update of ruby fixes : - a possible information leakage. (CVE-2008-1145) - a directory traversal bug in WEBrick. (CVE-2008-1891) - various memory corruptions and integer overflows in array and string handling. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41228
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41228
    title SuSE9 Security Update : Ruby (YOU Patch Number 12214)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-141.NASL
    description Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash () path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145) Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37401
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37401
    title Mandriva Linux Security Advisory : ruby (MDVSA-2008:141)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0897.NASL
    description From Red Hat Security Advisory 2008:0897 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67752
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67752
    title Oracle Linux 4 / 5 : ruby (ELSA-2008-0897)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0897.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34466
    published 2008-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34466
    title RHEL 4 / 5 : ruby (RHSA-2008:0897)
oval via4
accepted 2013-04-29T04:10:05.893-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
family unix
id oval:org.mitre.oval:def:10937
status accepted
submitted 2010-07-09T03:56:16-04:00
title Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
version 24
redhat via4
advisories
rhsa
id RHSA-2008:0897
rpms
  • irb-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.1-7.el4_7.1
  • ruby-devel-0:1.8.1-7.el4_7.1
  • ruby-docs-0:1.8.1-7.el4_7.1
  • ruby-libs-0:1.8.1-7.el4_7.1
  • ruby-mode-0:1.8.1-7.el4_7.1
  • ruby-tcltk-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.5-5.el5_2.5
  • ruby-devel-0:1.8.5-5.el5_2.5
  • ruby-docs-0:1.8.5-5.el5_2.5
  • ruby-irb-0:1.8.5-5.el5_2.5
  • ruby-libs-0:1.8.5-5.el5_2.5
  • ruby-mode-0:1.8.5-5.el5_2.5
  • ruby-rdoc-0:1.8.5-5.el5_2.5
  • ruby-ri-0:1.8.5-5.el5_2.5
  • ruby-tcltk-0:1.8.5-5.el5_2.5
refmap via4
apple APPLE-SA-2008-06-30
bid 28123
bugtraq
  • 20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
  • 20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
  • 20080325 rPSA-2008-0123-1 ruby
cert-vn VU#404515
confirm
exploit-db 5215
fedora
  • FEDORA-2008-2443
  • FEDORA-2008-2458
mandriva
  • MDVSA-2008:141
  • MDVSA-2008:142
sectrack 1019562
secunia
  • 29232
  • 29357
  • 29536
  • 30802
  • 31687
  • 32371
suse SUSE-SR:2008:017
vupen
  • ADV-2008-0787
  • ADV-2008-1981
xf ruby-webrick-directory-traversal(41010)
statements via4
contributor Mark J Cox
lastmodified 2008-12-04
organization Red Hat
statement This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html
Last major update 07-03-2011 - 22:06
Published 04-03-2008 - 18:44
Last modified 11-10-2018 - 16:29
Back to Top