Directory Traversal Vulnerability in WEBrick for Ruby Products
CVE-2008-1145

Currently unrated

Key Information:

Vendor

Ruby-lang

Status
Webrick
Vendor
CVE Published:
4 March 2008

What is CVE-2008-1145?

The WEBrick component in Ruby contains a directory traversal vulnerability that permits remote attackers to access arbitrary files on the server. This weakness exploits how the system handles backslash path separators and case-insensitive file systems. Attackers can potentially access sensitive data by manipulating file paths to include encoded sequences like '..%5c' or by matching specific filename patterns. This vulnerability emphasizes the importance of secure file handling practices in web servers and the need for timely software updates.

References

http://lists.opensuse.org/opensuse-security-announce/2008...
vendor-advisoryx_refsource_SUSE
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123
x_refsource_CONFIRM
http://support.apple.com/kb/HT2163
x_refsource_CONFIRM

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.