Directory traversal vulnerability in WEBrick in Ruby 1.8 prior to 1.8.5-p115 and 1.8.6-p114, and 1.9 up to and including 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote malicious users to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruby-lang webrick - |
||
fedoraproject fedora 8 |
||
fedoraproject fedora 7 |