CVE-2013-0262

Published: 08/02/2013 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

rack/file.rb (Rack::File) in Rack 1.5.x prior to 1.5.2 and 1.4.x prior to 1.4.5 allows malicious users to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."

Vulnerable Products

rack project rack 1.4.0
rack project rack 1.4.1
rack project rack 1.4.2
rack project rack 1.4.3
rack project rack 1.4.4
rack project rack 1.5.0
rack project rack 1.5.1

Vendor Advisories

Synopsis: Moderate: Red Hat OpenShift Enterprise 1.1.2 update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Debian Bug report logs - #700173 ruby-rack: CVE-2013-0262: Path sanitization information disclosure. Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 9 Feb 2013 ...
Debian Bug report logs - #698440 ruby-rack: CVE-2012-6109 CVE-2013-0184 CVE-2013-0183. Package: ruby-rack; Maintainer for ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-rack is src:ruby-rack (PTS, buildd, popcon); Reported by: Moritz Muehlenhoff <jmm@inutil ...
Debian Bug report logs - #700226 ruby-rack: CVE-2013-0263: Timing attack in cookie sessions. Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 9 Feb 2013 13:18:02 ...

Github Repositories

Rack fork to accommodate backports to 1.4.7

Rack, a modular Ruby webserver interface. Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby.

RACK Debian/Ubuntu packaging

Rack, a modular Ruby webserver interface. Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby.