Vulnerability Note VU#404515
Ruby WEBrick vulnerable to directory traversal
Overview
Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash (\) path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory.
Description
WEBrick is a Ruby library for building HTTP servers. WEBrick contains a directory traversal vulnerability on systems that accept backslash (\) as a path separator. A remote attacker may be able to exploit this vulnerability by using encoded backslash sequences (..%5c). For more information please see "File access vulnerability of WEBrick."
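The defect class the advisory describes is a containment check that is applied before the path is fully canonicalized: a percent-encoded backslash is decoded after the check, and on a host that treats "\" as a separator the resulting "..\" escapes the document root. The following is an added example, not code from the advisory or from WEBrick itself, showing how a static-file handler can resolve a request path safely (decode, treat "\" as "/" on hosts that accept it, collapse ".." with Pathname, then require the result to stay under the root) and how the same check can be run over access-log lines to spot requests that would have escaped. The document root and the log lines are constructed for the example.

```ruby
require "cgi"
require "pathname"

# Constructed document root for the example (not from the advisory).
DOC_ROOT = "/var/www/htdocs".freeze

# Resolve a request path as a hardened handler should and return the
# filesystem path, or nil when the request escapes doc_root.
# backslash_is_separator models the host condition the advisory names:
# on such systems "\" must be canonicalized to "/" BEFORE containment
# is checked, otherwise "..%5c" decodes to "..\" after the check passes.
def safe_path(request_path, doc_root = DOC_ROOT, backslash_is_separator: true)
  decoded = CGI.unescape(request_path)
  decoded = decoded.tr("\\", "/") if backslash_is_separator
  relative = decoded.sub(%r{\A/+}, "")
  # Pathname#join and #cleanpath resolve ".." against the root, so
  # "/var/www/htdocs" + "../../etc/passwd" becomes "/var/etc/passwd".
  resolved = Pathname.new(doc_root).join(relative).cleanpath.to_s
  root     = Pathname.new(doc_root).cleanpath.to_s
  return nil unless resolved == root || resolved.start_with?(root + "/")
  resolved
end

# Constructed combined-format access-log lines (sample data for the example).
SAMPLE_LOG = [
  '10.0.0.5 - - [06/Mar/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
  '10.0.0.9 - - [06/Mar/2008:10:00:01 +0000] "GET /..%5c..%5cetc/passwd HTTP/1.1" 200 1024',
  '10.0.0.7 - - [06/Mar/2008:10:00:02 +0000] "GET /css/../index.html HTTP/1.1" 200 512',
].freeze

# Detection: return the log lines whose request path, once canonicalized
# with backslashes treated as separators, lands outside doc_root.
def escaping_requests(lines, doc_root = DOC_ROOT)
  lines.select do |line|
    path = line[/"(?:GET|POST|HEAD) (\S+)/, 1]
    next false unless path
    safe_path(path.split("?", 2).first, doc_root).nil?
  end
end

if __FILE__ == $PROGRAM_NAME
  puts safe_path("/css/../index.html")           # stays inside the root
  p    safe_path("/..%5c..%5cetc/passwd")         # nil: rejected
  puts escaping_requests(SAMPLE_LOG)
end
```

With backslash_is_separator: false the same request resolves to a file literally named "..\..\etc" under the root, which is the behaviour on hosts where "\" is an ordinary character; the advisory's point is that the check must follow the host's separator rules, not the URL's.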
Impact
A remote attacker could gain access to arbitrary files outside of the web server root directory.
Solution
Apply an update. Ruby has released versions 1.8.5-p115 and 1.8.6-p114 for the 1.8 series. For the 1.9 series, apply the patch referenced in "File access vulnerability of WEBrick."
Systems Affected

Vendor | Status | Date Notified | Date Updated
---|---|---|---
Ruby | Affected | - | 04 Apr 2008
CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
References
- http://seclists.org/bugtraq/2008/Mar/0056.html
- http://secunia.com/advisories/29232/
- http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
- http://www.securiteam.com/securitynews/5TP0F1PNQK.html
Credit
Thanks to Alexandr Polyakov for reporting this vulnerability.
This document was written by John Hollenberger.
Other Information
- CVE IDs: CVE-2008-1145
- Date Public: 06 Mar 2008
- Date First Published: 14 Apr 2008
- Date Last Updated: 14 Apr 2008
- Severity Metric: 12.83
- Document Revision: 9