CVE-2007-6612

Publication date 3 January 2008

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").

Status

Package Ubuntu Release Status
mongrel 7.10 gutsy
Not affected
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Other references

Access our resources on patching vulnerabilities