CVE-2007-6612 - Path Traversal vulnerability in Mongrel 1.0.4/1.1.1/1.1.2

Publication

2008-01-03

Last modification

2011-03-08

Summary

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").

Description

Mongrel is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.An attacker can exploit this issue to view sensitive files within the context of the webserver process. Information obtained may lead to other attacks. This issue affects Mongrel 1.0.4 and versions prior to 1.1.3.

Solution

The vendor has released an update. Please see the references for more information. Apple Mac OS X 10.5 Apple Security Update 2008-003 (Intel) http://www.apple.com/support/downloads/securityupdate2008003intel.html Apple Security Update 2008-003 (PPC) http://www.apple.com/support/downloads/securityupdate2008003ppc.html Apple Mac OS X Server 10.5 Apple Security Update 2008-003 Server (PPC) http://www.apple.com/support/downloads/securityupdate2008003serverppc. html Apple Security Update 2008-003 Server (Universal) http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html Mongrel Mongrel 1.0.4 Mongrel mongrel-1.0.5.tgz http://rubyforge.org/frs/download.php/29896/mongrel-1.0.5.tgz Mongrel Mongrel 1.1.2 Mongrel mongrel-1.1.3.tgz http://rubyforge.org/frs/download.php/30048/mongrel-1.1.3.tgz Apple Mac OS X Server 10.4.11 Apple Security Update 2008-003 Server (PPC) http://www.apple.com/support/downloads/securityupdate2008003serverppc. html Apple Security Update 2008-003 Server (Universal) http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html Apple Mac OS X 10.4.11 Apple Security Update 2008-003 (Intel) http://www.apple.com/support/downloads/securityupdate2008003intel.html Apple Security Update 2008-003 (PPC) http://www.apple.com/support/downloads/securityupdate2008003ppc.html Apple Mac OS X Server 10.5.1 Apple Security Update 2008-003 Server (PPC) http://www.apple.com/support/downloads/securityupdate2008003serverppc. html Apple Security Update 2008-003 Server (Universal) http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html Apple Mac OS X 10.5.1 Apple Security Update 2008-003 (Intel) http://www.apple.com/support/downloads/securityupdate2008003intel.html Apple Security Update 2008-003 (PPC) http://www.apple.com/support/downloads/securityupdate2008003ppc.html Apple Mac OS X 10.5.2 Apple Security Update 2008-003 (Intel) http://www.apple.com/support/downloads/securityupdate2008003intel.html Apple Security Update 2008-003 (PPC) http://www.apple.com/support/downloads/securityupdate2008003ppc.html Apple Mac OS X Server 10.5.2 Apple Security Update 2008-003 Server (PPC) http://www.apple.com/support/downloads/securityupdate2008003serverppc. html Apple Security Update 2008-003 Server (Universal) http://www.apple.com/support/downloads/securityupdate2008003serveruniv ersal.html

Exploit

Attackers can exploit this vulnerability with a browser.

Classification

CWE-22 - Path Traversal

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:N)

Medium

6.4

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Mongrel Mongrel  1.1.1 , 1.0.4 , 1.1.2