{"vuid":"VU#404515","idnumber":"404515","name":"Ruby WEBrick vulnerable to directory traversal","keywords":["Ruby","WEBrick Web server Toolkit","directory traversal","backslash (\\) path separators","WEBrick::HTTPServlet::FileHandler","WEBrick::HTTPServer.new",":DocumentRoot option","WEBrick::HTTPServer.new method"],"overview":"Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash (\\) path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory.","clean_desc":"WEBrick is a Ruby library program to build HTTP servers. WEBrick contains a directory traversal vulnerability in systems that accept backslash (\\) as a path separator. A remote attacker may be able to exploit this vulnerability by using encoded backslash sequences (..%5c). For more information please see \"File access vulnerability of WEBrick.\"","impact":"A remote attacker could gain access to arbitrary files outside of the web server root directory.","resolution":"Apply an Update\nRuby has released versions 1.8.5-p115 and 1.8.6-p114 for the 1.8 series.\nFor the 1.9 series, apply the patch referenced in \"File access vulnerability of WEBrick.\"","workarounds":"","sysaffected":"","thanks":"Thanks to Alexandr Polyakov for reporting this vulnerability.","author":"This document was written by John Hollenberger.","public":["http://seclists.org/bugtraq/2008/Mar/0056.html","http://secunia.com/advisories/29232/","http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/","http://www.securiteam.com/securitynews/5TP0F1PNQK.html"],"cveids":["CVE-2008-1145"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-03-06T20:42:25Z","publicdate":"2008-03-06T00:00:00Z","datefirstpublished":"2008-04-14T19:20:05Z","dateupdated":"2008-04-14T19:20:20Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"16","cam_exploitation":"3","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"9","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"12.825","cam_scorecurrentwidelyknown":"15.525","cam_scorecurrentwidelyknownexploited":"27","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.825,"vulnote":null}