exploits , vulnerabilities , articles , Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities

Title	Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
Published	2008-03-06-12:00AM
Updated	2008-03-25-10:49PM
Class	Unknown
CVE	CVE-2008-1145
Remote	Yes
Local	No
Credit	Alexandr Polyakov and Stas Svistunovich of Digital Security Research Group reported these issues to the vendor.
Vulnerable	Yukihiro Matsumoto Ruby 1.9 Yukihiro Matsumoto Ruby 1.8.6 Yukihiro Matsumoto Ruby 1.8.5 Yukihiro Matsumoto Ruby 1.8.5 Yukihiro Matsumoto Ruby 1.8.4 Yukihiro Matsumoto Ruby 1.8.3 Yukihiro Matsumoto Ruby 1.8.2 pre4 Gentoo Linux Yukihiro Matsumoto Ruby 1.8.2 pre3 Gentoo Linux Yukihiro Matsumoto Ruby 1.8.2 pre2 Yukihiro Matsumoto Ruby 1.8.2 pre1 Yukihiro Matsumoto Ruby 1.8.2 RedHat Fedora Core4 RedHat Fedora Core3 Yukihiro Matsumoto Ruby 1.8.1 RedHat Fedora Core3 RedHat Fedora Core2 Yukihiro Matsumoto Ruby 1.8 RedHat Fedora Core3 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Yukihiro Matsumoto Ruby 1.6.8 Yukihiro Matsumoto Ruby 1.6.7 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Yukihiro Matsumoto Ruby 1.6 rPath rPath Linux 1 rPath Appliance Platform Linux Service 1 RedHat Fedora 8 0 RedHat Fedora 7 0 Metasploit Project Metasploit Framework 3.1 Metasploit Project Metasploit Framework 3.0
Not Vulnerable	Yukihiro Matsumoto Ruby 1.9 -1 Yukihiro Matsumoto Ruby 1.8.6 -p114 Yukihiro Matsumoto Ruby 1.8.5 -p115
Code	The following proof-of-concept URI is available for the directory-traversal vulnerability:http://www.example.com/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 19:09:04 +0000