5 - VU#404515

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Ruby WEBrick vulnerable to directory traversal

Informations
Name	VU#404515	First vendor Publication	2008-04-14
Vendor	VU-CERT	Last vendor Modification	2008-04-14
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#404515

Ruby WEBrick vulnerable to directory traversal

Overview

Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash () path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory.

I. Description

WEBrick is a Ruby library program to build HTTP servers. WEBrick contains a directory traversal vulnerability in systems that accept backslash () as a path separator. A remote attacker may be able to exploit this vulnerability by using encoded backslash sequences (..%5c). For more information please see "File access vulnerability of WEBrick."

II. Impact

A remote attacker could gain access to arbitrary files outside of the web server root directory.

III. Solution

Apply an Update

Ruby has released version 1.8.5-p115 and 1.8.6-p114 for the 1.8 series. For the 1.9 series, apply the patch referenced in "File access vulnerability of WEBrick."

Systems Affected

Vendor	Status	Date Updated
Ruby	Vulnerable	4-Apr-2008

References

http://seclists.org/bugtraq/2008/Mar/0056.html
http://secunia.com/advisories/29232/
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
http://www.securiteam.com/securitynews/5TP0F1PNQK.html

Credit

Thanks to Alexandr Polyakov for reporting this vulnerability.

This document was written by John Hollenberger.

Other Information

Date Public	03/06/2008
Date First Published	04/14/2008 03:20:05 PM
Date Last Updated	04/14/2008
CERT Advisory
CVE Name	CVE-2008-1145
US-CERT Technical Alerts
Metric	12.83
Document Revision	9

Original Source

Url : http://www.kb.cert.org/vuls/id/404515

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10937

Oval ID:	oval:org.mitre.oval:def:10937
Title:	Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Description:	Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1145	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section ruby-mode is earlier than 0:1.8.1-7.el4_7.1 AND ruby-docs is earlier than 0:1.8.1-7.el4_7.1 AND ruby-devel is earlier than 0:1.8.1-7.el4_7.1 AND ruby-tcltk is earlier than 0:1.8.1-7.el4_7.1 AND ruby is earlier than 0:1.8.1-7.el4_7.1 AND irb is earlier than 0:1.8.1-7.el4_7.1 AND ruby-libs is earlier than 0:1.8.1-7.el4_7.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section ruby-ri is earlier than 0:1.8.5-5.el5_2.5 AND ruby-mode is earlier than 0:1.8.5-5.el5_2.5 AND ruby-docs is earlier than 0:1.8.5-5.el5_2.5 AND ruby-devel is earlier than 0:1.8.5-5.el5_2.5 AND ruby is earlier than 0:1.8.5-5.el5_2.5 AND ruby-libs is earlier than 0:1.8.5-5.el5_2.5 AND ruby-tcltk is earlier than 0:1.8.5-5.el5_2.5 AND ruby-irb is earlier than 0:1.8.5-5.el5_2.5 AND ruby-rdoc is earlier than 0:1.8.5-5.el5_2.5

Definition Id: oval:org.mitre.oval:def:21785

Oval ID:	oval:org.mitre.oval:def:21785
Title:	ELSA-2008:0897: ruby security update (Moderate)
Description:	resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0897-01 CVE-2008-3443 CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905 CVE-2008-1145	Version:	33
Platform(s):	Oracle Linux 5	Product(s):	ruby
Definition Synopsis:
Oracle Linux 5.x rpm test ruby-docs is earlier than 0:1.8.5-5.el5_2.5 AND ruby-ri is earlier than 0:1.8.5-5.el5_2.5 AND ruby-mode is earlier than 0:1.8.5-5.el5_2.5 AND ruby-tcltk is earlier than 0:1.8.5-5.el5_2.5 AND ruby-libs is earlier than 0:1.8.5-5.el5_2.5 AND ruby-irb is earlier than 0:1.8.5-5.el5_2.5 AND ruby-rdoc is earlier than 0:1.8.5-5.el5_2.5 AND ruby is earlier than 0:1.8.5-5.el5_2.5 AND ruby-devel is earlier than 0:1.8.5-5.el5_2.5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ruby-Lang Ruby cpe:2.3:a:ruby-lang:ruby:1.8.6.99:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.98:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.97:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.96:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.95:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.94:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.93:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.92:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.91:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.90:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.9:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.89:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.88:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.87:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.86:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.85:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.84:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.83:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.82:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.81:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.80:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.8:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.79:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.78:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.77:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.76:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.75:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.74:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.73:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.72:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.70:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.7:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.69:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.68:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.67:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.66:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.65:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.64:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.63:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.60:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.6:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.59:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.58:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.57:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.56:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.55:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.54:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.53:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.52:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.51:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.50:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.5:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.49:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.48:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.47:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.46:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.45:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.44:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.43:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.42:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.41:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.40:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.4:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.39:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.38:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.37:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.36:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.35:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.34:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.33:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.32:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.31:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.30:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.27:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.26:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.25:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.24:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.23:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.22:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.21:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.20:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.2:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.19:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.18:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.17:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.16:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.15:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.14:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.13:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.12:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.113:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.112:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.111:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.110:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.109:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.107:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.106:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.105:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.104:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.103:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.102:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.101:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.100:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.10:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6.1:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6-26:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:::::: cpe:2.3:a:ruby-lang:ruby:1.8.6:p287:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5.99:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.98:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.97:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.96:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.95:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.94:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.93:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.92:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.91:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.90:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.9:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.89:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.88:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.87:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.86:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.85:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.84:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.83:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.82:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.81:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.80:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.8:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.79:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.78:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.77:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.76:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.75:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.74:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.73:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.72:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.71:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.70:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.7:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.69:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.68:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.67:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.66:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.65:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.64:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.63:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.62:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.61:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.60:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.6:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.59:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.58:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.57:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.56:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.55:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.54:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.53:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.52:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.51:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.5:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.49:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.48:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.47:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.46:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.45:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.44:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.43:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.42:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.41:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.40:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.4:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.39:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.37:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.36:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.35:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.34:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.33:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.32:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.31:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.30:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.3:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.29:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.28:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.27:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.265:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.26:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.254:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.25:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.24:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.231:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.230:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.23:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.229:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.228:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.227:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.226:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.225:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.224:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.223:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.222:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.221:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.220:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.22:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.219:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.218:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.217:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.216:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.215:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.214:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.213:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.212:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.211:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.210:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.21:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.209:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.208:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.207:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.206:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.205:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.204:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.203:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.202:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.201:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.200:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.20:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.2:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.199:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.198:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.197:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.196:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.195:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.194:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.193:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.192:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.191:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.190:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.19:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.189:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.188:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.187:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.186:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.185:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.184:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.183:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.182:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.181:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.180:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.18:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.179:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.178:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.177:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.176:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.175:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.174:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.173:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.172:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.171:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.170:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.17:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.169:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.168:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.167:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.166:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.165:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.164:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.163:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.162:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.161:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.160:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.16:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.159:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.158:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.157:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.156:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.155:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.154:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.153:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.151:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.150:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.15:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.149:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.148:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.147:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.146:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.145:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.142:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.141:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.140:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.14:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.139:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.138:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.137:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.136:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.135:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.134:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.133:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.132:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.131:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.130:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.13:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.129:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.128:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.127:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.126:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.125:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.124:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.123:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.122:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.12:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.116:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.115:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.114:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.113:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.111:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.110:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.11:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.109:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.108:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.107:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.106:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.105:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.104:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.103:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.102:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.101:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.100:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.10:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5.1:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5-p230:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p52:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p231:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p114:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:::::: cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.4:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.3:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.2:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:::::: cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.2:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.1:::::::* cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:::::: cpe:2.3:a:ruby-lang:ruby:1.8.1:preview1:::::: cpe:2.3:a:ruby-lang:ruby:1.8.1:preview2:::::: cpe:2.3:a:ruby-lang:ruby:1.8.1:preview3:::::: cpe:2.3:a:ruby-lang:ruby:1.8.1:preview4:::::: cpe:2.3:a:ruby-lang:ruby:1.8.0:::::::* cpe:2.3:a:ruby-lang:ruby:1.8:::::::* cpe:2.3:a:ruby-lang:ruby:1.6.8:::::::* cpe:2.3:a:ruby-lang:ruby:1.6:::::::* cpe:2.3:a:ruby-lang:ruby:::::::: cpe:2.3:a:ruby-lang:ruby:-:::::::*	380
Application	Ruby-Lang Webrick cpe:2.3:a:ruby-lang:webrick:-:::::ruby::	1

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-10	Name : SLES9: Security update for Ruby File : nvt/sles9p5033480.nasl
2009-04-09	Name : Mandriva Update for ruby MDVSA-2008:141 (ruby) File : nvt/gb_mandriva_MDVSA_2008_141.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-5649 File : nvt/gb_fedora_2008_5649_ruby_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-6094 File : nvt/gb_fedora_2008_6094_ruby_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-8736 File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-16	Name : Fedora Update for ruby FEDORA-2008-2443 File : nvt/gb_fedora_2008_2443_ruby_fc8.nasl
2009-02-16	Name : Fedora Update for ruby FEDORA-2008-2458 File : nvt/gb_fedora_2008_2458_ruby_fc7.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
42616	Ruby WEBrick WEBrick::HTTPServ* :NondisclosureName Option Mixed Case Arbitrar...
42615	Ruby WEBrick WEBrick::HTTPServ* Encoded Traversal Arbitrary File Access

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12214.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_ruby-080729.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-141.nasl - Type : ACT_GATHER_INFO
2008-10-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-10-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-08-22	Name : The remote openSUSE host is missing a security update. File : suse_ruby-5483.nasl - Type : ACT_GATHER_INFO
2008-08-21	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ruby-5484.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6094.nasl - Type : ACT_GATHER_INFO
2008-07-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-07-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-06-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-5649.nasl - Type : ACT_GATHER_INFO
2008-03-13	Name : The remote Fedora host is missing a security update. File : fedora_2008-2443.nasl - Type : ACT_GATHER_INFO
2008-03-13	Name : The remote Fedora host is missing a security update. File : fedora_2008-2458.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	381
osvdb(s)	2
Openvas Exploit(s)	9
Nessus® Exploit(s)	14

	Related
5	CVE-2008-1145
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)