Directory Traversal Vulnerability in WEBrick for Ruby Products
CVE-2008-1145

Currently unrated

Key Information:

Vendor: Ruby-lang

CVE Published: 4 March 2008

What is CVE-2008-1145?

The WEBrick component in Ruby contains a directory traversal vulnerability that permits remote attackers to access arbitrary files on the server. The weakness stems from how backslash path separators and case-insensitive file systems are handled. Attackers can potentially access sensitive data by manipulating file paths to include encoded sequences like '..%5c' or by matching specific filename patterns. This vulnerability underlines the importance of secure file handling practices in web servers and the need for timely software updates.
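The following Ruby sketch is an added example, not WEBrick's code or its fix. It shows a request-path check that decodes once, treats backslashes as separators, and matches hidden-file patterns case-insensitively. The names `safe_resolve`, `HIDDEN_PATTERNS` and the `/srv/www` root are assumptions made for illustration.

```ruby
# Added illustration; names below are hypothetical and are not WEBrick's API.
HIDDEN_PATTERNS = [".ht*", "*~"].freeze # constructed deny-list of hidden files
FNM_FLAGS = File::FNM_CASEFOLD | File::FNM_DOTMATCH

# Returns the absolute path to serve, or nil when the request must be refused.
def safe_resolve(doc_root, raw_path, hidden: HIDDEN_PATTERNS)
  # Percent-decode exactly once, before any check, so '%5c' is seen as '\'.
  decoded = raw_path.b.gsub(/%(\h\h)/) { $1.hex.chr }
  return nil if decoded.include?("\0")

  # Split on both '/' and '\': a platform that accepts backslash separators
  # would otherwise see '..\' as a parent-directory step the check missed.
  segments = decoded.split(%r{[/\\]+}).reject { |s| s.empty? || s == "." }
  return nil if segments.include?("..")

  # Compare hidden-file patterns case-insensitively, because '.HTACCESS'
  # and '.htaccess' are the same file on a case-insensitive file system.
  blocked = segments.any? do |seg|
    hidden.any? { |pat| File.fnmatch(pat, seg, FNM_FLAGS) }
  end
  return nil if blocked

  # Final containment check on the normalised path.
  root = File.expand_path(doc_root)
  candidate = File.expand_path(File.join(root, *segments))
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  inside ? candidate : nil
end
```

The check does not cover other platform-specific aliases of a filename, such as short names or trailing dots.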

EPSS Score

77% chance of being exploited in the next 30 days.
