Executive Summary
Summary | |
---|---|
Title | Ruby WEBrick vulnerable to directory traversal |
Informations | |||
---|---|---|---|
Name | VU#404515 | First vendor Publication | 2008-04-14 |
Vendor | VU-CERT | Last vendor Modification | 2008-04-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#404515Ruby WEBrick vulnerable to directory traversalOverviewRuby WEBrick is vulnerable to a directory traversal on systems that support backslash () path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory.I. DescriptionWEBrick is a Ruby library program to build HTTP servers. WEBrick contains a directory traversal vulnerability in systems that accept backslash () as a path separator. A remote attacker may be able to exploit this vulnerability by using encoded backslash sequences (..%5c). For more information please see "File access vulnerability of WEBrick."II. ImpactA remote attacker could gain access to arbitrary files outside of the web server root directory.III. SolutionApply an UpdateRuby has released version 1.8.5-p115 and 1.8.6-p114 for the 1.8 series. For the 1.9 series, apply the patch referenced in "File access vulnerability of WEBrick."
References
Thanks to Alexandr Polyakov for reporting this vulnerability. This document was written by John Hollenberger.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/404515 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10937 | |||
Oval ID: | oval:org.mitre.oval:def:10937 | ||
Title: | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. | ||
Description: | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1145 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21785 | |||
Oval ID: | oval:org.mitre.oval:def:21785 | ||
Title: | ELSA-2008:0897: ruby security update (Moderate) | ||
Description: | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0897-01 CVE-2008-3443 CVE-2008-3655 CVE-2008-3656 CVE-2008-3657 CVE-2008-3790 CVE-2008-3905 CVE-2008-1145 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for Ruby File : nvt/sles9p5033480.nasl |
2009-04-09 | Name : Mandriva Update for ruby MDVSA-2008:141 (ruby) File : nvt/gb_mandriva_MDVSA_2008_141.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-5649 File : nvt/gb_fedora_2008_5649_ruby_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-6094 File : nvt/gb_fedora_2008_6094_ruby_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-8736 File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl |
2009-02-16 | Name : Fedora Update for ruby FEDORA-2008-2443 File : nvt/gb_fedora_2008_2443_ruby_fc8.nasl |
2009-02-16 | Name : Fedora Update for ruby FEDORA-2008-2458 File : nvt/gb_fedora_2008_2458_ruby_fc7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42616 | Ruby WEBrick WEBrick::HTTPServ* :NondisclosureName Option Mixed Case Arbitrar... |
42615 | Ruby WEBrick WEBrick::HTTPServ* Encoded Traversal Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0897.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12214.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_ruby-080729.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-141.nasl - Type : ACT_GATHER_INFO |
2008-10-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO |
2008-10-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO |
2008-08-22 | Name : The remote openSUSE host is missing a security update. File : suse_ruby-5483.nasl - Type : ACT_GATHER_INFO |
2008-08-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ruby-5484.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6094.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5649.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2443.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2458.nasl - Type : ACT_GATHER_INFO |