CVE-2008-1145
Published: 4 March 2008
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Notes
| Author | Note |
|---|---|
| fujitsu | Only affects systems with backslash-separated paths, or case-insensitive filenames. Not us. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ruby1.8 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Released
(1.8.5-p115, 1.8.6-p114)
|
|
|
Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469475 |
||
|
ruby1.9 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Released
(1.9.0-1)
|
|