Vulnerabilities > CVE-2008-1145 - Path Traversal vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Exploit-Db
description | Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability. CVE-2008-1145. Remote exploits for multiple platform |
file | exploits/multiple/remote/5215.txt |
id | EDB-ID:5215 |
last seen | 2016-01-31 |
modified | 2008-03-06 |
platform | multiple |
port | |
published | 2008-03-06 |
reporter | DSecRG |
source | https://www.exploit-db.com/download/5215/ |
title | Ruby 1.8.6 Webrick Httpd 1.3.1 Directory Traversal Vulnerability |
type | remote |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0897.NASL description From Red Hat Security Advisory 2008:0897 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 67752 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67752 title Oracle Linux 4 / 5 : ruby (ELSA-2008-0897) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-141.NASL description Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash () path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) ..%5c (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. (CVE-2008-1145) Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and earlier, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. (CVE-2008-1891) Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption. (CVE-2008-2662) Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors. (CVE-2008-2663) The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca. (CVE-2008-2664) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the REALLOC_N variant. (CVE-2008-2725) Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726) Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. (CVE-2008-2376) The updated packages have been patched to fix these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37401 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37401 title Mandriva Linux Security Advisory : ruby (MDVSA-2008:141) NASL family SuSE Local Security Checks NASL id SUSE9_12214.NASL description This update of ruby fixes : - a possible information leakage. (CVE-2008-1145) - a directory traversal bug in WEBrick. (CVE-2008-1891) - various memory corruptions and integer overflows in array and string handling. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 41228 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41228 title SuSE9 Security Update : Ruby (YOU Patch Number 12214) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0897.NASL description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 34466 published 2008-10-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34466 title RHEL 4 / 5 : ruby (RHSA-2008:0897) NASL family Fedora Local Security Checks NASL id FEDORA_2008-2443.NASL description - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com> - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users last seen 2020-06-01 modified 2020-06-02 plugin id 31432 published 2008-03-13 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31432 title Fedora 8 : ruby-1.8.6.114-1.fc8 (2008-2443) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0897.NASL description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 34502 published 2008-10-28 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34502 title CentOS 4 / 5 : ruby (CESA-2008:0897) NASL family Fedora Local Security Checks NASL id FEDORA_2008-6094.NASL description - Tue Jul 1 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-4 - Backported from upstream SVN to fix a segfault issue with Array#fill. - Mon Jun 30 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-3 - Backported from upstream SVN to fix a segfault issue. (#452825) - Backported from upstream SVN to fix an integer overflow in rb_ary_fill. - Wed Jun 25 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-2 - Fix a segfault issue. (#452798) - Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1 - New upstream release. - Security fixes. (#452293) - CVE-2008-1891: WEBrick CGI source disclosure. - CVE-2008-2662: Integer overflow in rb_str_buf_append(). - CVE-2008-2663: Integer overflow in rb_ary_store(). - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). - CVE-2008-2725: Integer overflow in rb_ary_splice(). - CVE-2008-2726: Integer overflow in rb_ary_splice(). - ruby-1.8.6.111-CVE-2007-5162.patch: removed. - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com> - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users last seen 2020-06-01 modified 2020-06-02 plugin id 33413 published 2008-07-08 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33413 title Fedora 8 : ruby-1.8.6.230-4.fc8 (2008-6094) NASL family Fedora Local Security Checks NASL id FEDORA_2008-2458.NASL description - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com> - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users last seen 2020-06-01 modified 2020-06-02 plugin id 31433 published 2008-03-13 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31433 title Fedora 7 : ruby-1.8.6.114-1.fc7 (2008-2458) NASL family SuSE Local Security Checks NASL id SUSE_RUBY-5483.NASL description This update of ruby fixes : - a possible information leakage (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 34028 published 2008-08-22 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34028 title openSUSE 10 Security Update : ruby (ruby-5483) NASL family Fedora Local Security Checks NASL id FEDORA_2008-5649.NASL description - Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1 - New upstream release. - Security fixes. (#452293) - CVE-2008-1891: WEBrick CGI source disclosure. - CVE-2008-2662: Integer overflow in rb_str_buf_append(). - CVE-2008-2663: Integer overflow in rb_ary_store(). - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). - CVE-2008-2725: Integer overflow in rb_ary_splice(). - CVE-2008-2726: Integer overflow in rb_ary_splice(). - ruby-1.8.6.111-CVE-2007-5162.patch: removed. - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. (#226381) - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-8 - Rebuild for gcc-4.3. - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-7 - Revert the change of libruby-static.a. (#428384) - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-6 - Fix an unnecessary replacement for shebang. (#426835) - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-5 - Rebuild. - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-4 - Clean up again. - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-3 - Clean up the spec file. - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri. - Disable the static library building. - Tue Dec 4 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.8.6.111-2 - Rebuild for openssl bump - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com> - Fix the dead link. - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-1 - New upstream release. - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users last seen 2020-06-01 modified 2020-06-02 plugin id 33260 published 2008-06-26 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33260 title Fedora 8 : ruby-1.8.6.230-1.fc8 (2008-5649) NASL family SuSE Local Security Checks NASL id SUSE_11_0_RUBY-080729.NASL description This update of ruby fixes : - a possible information leakage (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 40121 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40121 title openSUSE Security Update : ruby (ruby-123) NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_4.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components. last seen 2020-06-01 modified 2020-06-02 plugin id 33281 published 2008-07-01 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33281 title Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_RUBY-5484.NASL description This update of ruby fixes : - a possible information leakage. (CVE-2008-1145) - a directory traversal bug (CVE-2008-1891) in WEBrick - various memory corruptions and integer overflows in array and string handling. (CVE-2008-2662 / CVE-2008-2663 / CVE-2008-2664 / CVE-2008-2725 / CVE-2008-2726 / CVE-2008-2727 / CVE-2008-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 34020 published 2008-08-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34020 title SuSE 10 Security Update : Ruby (ZYPP Patch Number 5484) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-004.NASL description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 33282 published 2008-07-01 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33282 title Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
Oval
accepted | 2013-04-29T04:10:05.893-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10937 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
title | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. | ||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2008-12-04 |
organization | Red Hat |
statement | This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html |
References
- http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
- http://secunia.com/advisories/29232
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html
- http://secunia.com/advisories/29357
- http://wiki.rpath.com/Advisories:rPSA-2008-0123
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123
- https://issues.rpath.com/browse/RPL-2338
- http://www.securityfocus.com/bid/28123
- http://www.securitytracker.com/id?1019562
- http://secunia.com/advisories/29536
- http://www.kb.cert.org/vuls/id/404515
- http://secunia.com/advisories/30802
- http://support.apple.com/kb/HT2163
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31687
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
- http://secunia.com/advisories/32371
- http://www.redhat.com/support/errata/RHSA-2008-0897.html
- http://www.vupen.com/english/advisories/2008/0787
- http://www.vupen.com/english/advisories/2008/1981/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41010
- https://www.exploit-db.com/exploits/5215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937
- http://www.securityfocus.com/archive/1/490056/100/0/threaded
- http://www.securityfocus.com/archive/1/489218/100/0/threaded
- http://www.securityfocus.com/archive/1/489205/100/0/threaded