CVE-2008-1145
Summary
| CVE | CVE-2008-1145 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-03-04 23:44:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advisories:rPSA-2008-0123 - rPath Wiki | af854a3a-2127-422b-91ae-364da2661108 | wiki.rpath.com | Broken Link |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Broken Link |
| About the security content of Security Update 2008-004 and Mac OS X 10.5.4 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Support / Security / Advisories / / MDVSA-2008:141 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Permissions Required |
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:017 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat update for ruby - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Advisories:rPSA-2008-0123 - rPath Wiki | af854a3a-2127-422b-91ae-364da2661108 | wiki.rpath.com | Broken Link |
| [SECURITY] Fedora 8 Update: ruby-1.8.6.114-1.fc8 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| issues.rpath.com/browse/RPL-2338 | af854a3a-2127-422b-91ae-364da2661108 | issues.rpath.com | Broken Link |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| APPLE-SA-2008-06-30 Security Update 2008-004 and Mac OS X v10.5.4 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Broken Link, Mailing List |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| File access vulnerability of WEBrick | af854a3a-2127-422b-91ae-364da2661108 | www.ruby-lang.org | Exploit, Patch, Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Support / Security / Advisories / / MDVSA-2008:142 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Miva Merchant: MivaScript Compiler Overview | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable, Vendor Advisory |
| Ruby WEBrick Information Disclosure Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable, Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Permissions Required |
| US-CERT Vulnerability Notes | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| [SECURITY] Fedora 7 Update: ruby-1.8.6.114-1.fc7 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Ruby Directory Traversal Flaw in WEBrick Library Lets Remote Users View Files on the Target System. - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| rPath update for ruby - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-12-04 | Mark J Cox | This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html |
There are currently no legacy QID mappings associated with this CVE.