CVE - CVE-2008-1145

CVE-ID
CVE-2008-1145	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1019562 URL:http://www.securitytracker.com/id?1019562 MISC:20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability URL:http://www.securityfocus.com/archive/1/489218/100/0/threaded MISC:20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability URL:http://www.securityfocus.com/archive/1/489205/100/0/threaded MISC:20080325 rPSA-2008-0123-1 ruby URL:http://www.securityfocus.com/archive/1/490056/100/0/threaded MISC:28123 URL:http://www.securityfocus.com/bid/28123 MISC:29232 URL:http://secunia.com/advisories/29232 MISC:29357 URL:http://secunia.com/advisories/29357 MISC:29536 URL:http://secunia.com/advisories/29536 MISC:30802 URL:http://secunia.com/advisories/30802 MISC:31687 URL:http://secunia.com/advisories/31687 MISC:32371 URL:http://secunia.com/advisories/32371 MISC:5215 URL:https://www.exploit-db.com/exploits/5215 MISC:ADV-2008-0787 URL:~~http://www.vupen.com/english/advisories/2008/0787~~ (Obsolete source) MISC:ADV-2008-1981 URL:~~http://www.vupen.com/english/advisories/2008/1981/references~~ (Obsolete source) MISC:APPLE-SA-2008-06-30 URL:http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html MISC:FEDORA-2008-2443 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html MISC:FEDORA-2008-2458 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html MISC:MDVSA-2008:141 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:141~~ (Obsolete source) MISC:MDVSA-2008:142 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:142~~ (Obsolete source) MISC:RHSA-2008:0897 URL:http://www.redhat.com/support/errata/RHSA-2008-0897.html MISC:SUSE-SR:2008:017 URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html MISC:VU#404515 URL:http://www.kb.cert.org/vuls/id/404515 MISC:http://support.apple.com/kb/HT2163 URL:http://support.apple.com/kb/HT2163 MISC:http://wiki.rpath.com/Advisories:rPSA-2008-0123 URL:http://wiki.rpath.com/Advisories:rPSA-2008-0123 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 MISC:http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ URL:http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ MISC:https://issues.rpath.com/browse/RPL-2338 URL:https://issues.rpath.com/browse/RPL-2338 MISC:oval:org.mitre.oval:def:10937 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 MISC:ruby-webrick-directory-traversal(41010) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41010
Assigning CNA
Red Hat, Inc.
Date Record Created
20080304	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080304)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)