Ruby Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2008-1891 - Vulnerability Database

Medium
Reference: CVE-2008-1891
Title: Ruby Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
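
For log review on an affected server, the following added example (not part of the original entry or of WEBrick) flags requests whose URI path ends in any of the five trailing tokens listed above. The Common Log Format layout, the helper names and every sample line are assumptions constructed for illustration.

```ruby
# Flags access-log requests whose URI path ends in one of the trailing
# tokens named in CVE-2008-1891: "+", "%2b", ".", "%2e", "%20".
# Helper names and sample data are hypothetical, constructed for this example.

# One or more of the tokens at the very end of a path segment (hex case-insensitive).
TRAILING_TOKENS = /(?:\+|\.|%2b|%2e|%20)+\z/i

# Request line inside a Common Log Format entry: "METHOD URI PROTOCOL".
REQUEST_LINE = %r{"(?<method>[A-Z]+) (?<uri>\S+) HTTP/[\d.]+"}

# Returns the suspicious trailing run of the URI path, or nil if there is none.
def suspicious_suffix(uri)
  path = uri.split('?', 2).first.to_s          # the query string is not part of the path
  last_segment = path.split('/', -1).last.to_s # only the final segment names the file
  suffix = last_segment[TRAILING_TOKENS]
  # No match, or the whole segment is dots/tokens (".", ".."): not this pattern.
  return nil if suffix.nil? || suffix.length == last_segment.length
  suffix
end

# Returns one hash per flagged log line. Hits are candidates for review,
# not proof of exploitation: names such as "/wiki/C++" also match.
def flag_requests(log_lines)
  log_lines.each_with_object([]) do |line, hits|
    m = REQUEST_LINE.match(line)
    next unless m
    suffix = suspicious_suffix(m[:uri])
    hits << { uri: m[:uri], suffix: suffix } if suffix
  end
end

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
  '192.0.2.10 - - [01/Jul/2008:10:00:00 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 512',
  '192.0.2.11 - - [01/Jul/2008:10:00:05 +0000] "GET /cgi-bin/test.cgi%20 HTTP/1.1" 200 2048',
  '192.0.2.11 - - [01/Jul/2008:10:00:06 +0000] "GET /cgi-bin/test.cgi%2E?x=1 HTTP/1.1" 200 2048',
  '192.0.2.11 - - [01/Jul/2008:10:00:07 +0000] "GET /cgi-bin/test.cgi+ HTTP/1.1" 200 2048',
  '192.0.2.12 - - [01/Jul/2008:10:00:09 +0000] "GET /docs/.. HTTP/1.1" 404 0'
].freeze

if __FILE__ == $PROGRAM_NAME
  flag_requests(SAMPLE_LOG).each { |h| puts "#{h[:suffix].inspect} trails #{h[:uri]}" }
end
```

A hit on a CGI path that returned a 200 with a body the size of the script source is worth a closer look; the remedy remains upgrading to one of the fixed releases listed in the overview.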