CVE-2007-6612
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
Affected products
n/a · n/a
References
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://mongrel.rubyforge.org/news.html
http://osvdb.org/39866
http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004736.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004742.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html
http://secunia.com/advisories/28323
http://secunia.com/advisories/30430
http://www.securityfocus.com/bid/27133
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697