CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Affected products
n/a · n/a
public PoCs found — 1
cve_reference · www.exploit-db.com/exploits/5215 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/29232
http://secunia.com/advisories/29357
http://secunia.com/advisories/29536
http://secunia.com/advisories/30802
http://secunia.com/advisories/31687
http://secunia.com/advisories/32371
https://exchange.xforce.ibmcloud.com/vulnerabilities/41010
https://issues.rpath.com/browse/RPL-2338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937
http://support.apple.com/kb/HT2163