New Search

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114 and 1.9 through 1.9.0-1 when running on systems that support backslash (\) path separators or case-insensitive file names allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

oval:org.mitre.oval:def:10937

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114 and 1.9 through 1.9.0-1 when running on systems that support backslash (\) path separators or case-insensitive file names allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • Oracle Linux 5
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2008-1145
Product(s):