NVD

Id
1829  
Name
CVE-2008-1891  
Description
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-03  
Published
2008-04-18  
Modified Date
2011-03-07  
Seq
2008-1891  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
11862 1829 CVE-2008-1891 http://aluigi.altervista.org/adv/webrickcgi-adv.txt  View
11863 1829 CVE-2008-1891 SUSE-SR:2008:017  View
11864 1829 CVE-2008-1891 MDVSA-2008:140  View
11865 1829 CVE-2008-1891 MDVSA-2008:141  View
11866 1829 CVE-2008-1891 http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/  View
11867 1829 CVE-2008-1891 ADV-2008-1245  View
11868 1829 CVE-2008-1891 ruby-webrick-cgi-info-disclosure(41824)  View
11869 1829 CVE-2008-1891 FEDORA-2008-5649  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50402 JVNDB-2008-005712 Ruby の WEBrick におけるディレクトリトラバーサルの脆弱性 Ruby の WEBrick は、WEBrick::HTTPServlet::FileHandler 機能、WEBrick::HTTPServer.new 機能、および :DocumentRoot オプションに関する不備があるため、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2008-1891 32004 CVE-2008-1891 1829 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005712.html 2008-04-18 2012-12-20 View