CVE-2008-1145
Summary
| CVE | CVE-2008-1145 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2008-03-04 23:44:00 UTC |
|---|
| Updated | 2023-08-01 18:58:00 UTC |
|---|
| Description | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| rPath update for ruby - Advisories - Secunia |
SECUNIA |
secunia.com |
|
| About the security content of Security Update 2008-004 and Mac OS X 10.5.4 |
CONFIRM |
support.apple.com |
|
| Miva Merchant: MivaScript Compiler Overview |
SECUNIA |
secunia.com |
Vendor Advisory |
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| [SECURITY] Fedora 8 Update: ruby-1.8.6.114-1.fc8 |
FEDORA |
www.redhat.com |
|
| File access vulnerability of WEBrick |
CONFIRM |
www.ruby-lang.org |
Exploit, Patch |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com |
SECUNIA |
secunia.com |
|
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:017 |
SUSE |
lists.opensuse.org |
|
| Ruby Directory Traversal Flaw in WEBrick Library Lets Remote Users View Files on the Target System. - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| [SECURITY] Fedora 7 Update: ruby-1.8.6.114-1.fc7 |
FEDORA |
www.redhat.com |
|
| Red Hat update for ruby - Secunia Advisories - Vulnerability Intelligence - Secunia.com |
SECUNIA |
secunia.com |
|
| Ruby WEBrick Information Disclosure Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com |
SECUNIA |
secunia.com |
Vendor Advisory |
| APPLE-SA-2008-06-30 Security Update 2008-004 and Mac OS X v10.5.4 |
APPLE |
lists.apple.com |
|
| Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities |
BID |
www.securityfocus.com |
|
| US-CERT Vulnerability Notes |
CERT-VN |
www.kb.cert.org |
US Government Resource |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com |
SECUNIA |
secunia.com |
|
| Advisories:rPSA-2008-0123 - rPath Wiki |
CONFIRM |
wiki.rpath.com |
|
| Repository / Oval Repository |
OVAL |
oval.cisecurity.org |
|
| Advisories:rPSA-2008-0123 - rPath Wiki |
CONFIRM |
wiki.rpath.com |
|
| Support / Security / Advisories / / MDVSA-2008:142 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| Support / Security / Advisories / / MDVSA-2008:141 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| IBM X-Force Exchange |
XF |
exchange.xforce.ibmcloud.com |
|
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| Red Hat Customer Portal |
REDHAT |
www.redhat.com |
|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH |
VUPEN |
www.vupen.com |
|
| Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability |
EXPLOIT-DB |
www.exploit-db.com |
|
| issues.rpath.com/browse/RPL-2338 |
CONFIRM |
issues.rpath.com |
|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH |
VUPEN |
www.vupen.com |
|
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2008-12-04 | Mark J Cox | This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html |
There are currently no legacy QID mappings associated with this CVE.
