|
|
|
 |
Vulnerability Note VU#404515Ruby WEBrick vulnerable to directory traversalOverviewRuby WEBrick is vulnerable to a directory traversal on systems that support backslash (\) path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory.I. DescriptionWEBrick is a Ruby library program to build HTTP servers. WEBrick contains a directory traversal vulnerability in systems that accept backslash (\) as a path separator. A remote attacker may be able to exploit this vulnerability by using encoded backslash sequences (..%5c). For more information please see "File access vulnerability of WEBrick."II. ImpactA remote attacker could gain access to arbitrary files outside of the web server root directory.III. SolutionApply an UpdateRuby has released version 1.8.5-p115 and 1.8.6-p114 for the 1.8 series. For the 1.9 series, apply the patch referenced in "File access vulnerability of WEBrick."
References
Thanks to Alexandr Polyakov for reporting this vulnerability. This document was written by John Hollenberger.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader