Vulnerability in N/a

CVE-2008-1145

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers…

EPSS: 0.599 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

SUSE-SR:2008:017 (vendor-advisory, x_refsource_SUSE)
wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 (x_refsource_CONFIRM)
support.apple.com/kb/HT2163 (x_refsource_CONFIRM)
29357 (x_refsource_SECUNIA, third-party-advisory)
20080325 rPSA-2008-0123-1 ruby (mailing-list, x_refsource_BUGTRAQ)
VU#404515 (x_refsource_CERT-VN, third-party-advisory)
28123 (vdb-entry, x_refsource_BID)
MDVSA-2008:141 (vendor-advisory, x_refsource_MANDRIVA)
20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability (mailing-list, x_refsource_BUGTRAQ)
ADV-2008-1981 (vdb-entry, x_refsource_VUPEN)