ruby: directory traversal
| Package(s): | ruby |
CVE #(s): | CVE-2008-1145
|
| Created: | March 25, 2008 |
Updated: | August 29, 2008 |
| Description: |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
| Alerts: |
| SuSE |
SUSE-SR:2008:017 |
powerdns, dnsmasq, python, mailman, ruby, Opera, neon, rxvt-unicode, perl, wireshark, namazu, gnome-screensaver, mysql |
2008-08-29 |
| Mandriva |
MDVSA-2008:142 |
ruby |
2008-07-09 |
| Mandriva |
MDVSA-2008:141 |
ruby |
2007-07-09 |
| Fedora |
FEDORA-2008-6094 |
ruby |
2008-07-04 |
| rPath |
rPSA-2008-0123-1 |
ruby |
2008-03-25 |
|
