CVE-2008-1145

CVSS v2.0 5 (Medium)
EPSS 22.01 % (97th)
Affected Products 3
Advisories 7

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-03-04 23:44:00
(16 years ago)
Updated Date
2023-08-01 18:58:35
(13 months ago)

Affected Products

Configuration #1

AND
    CPE23 From Up To
OR  
  Ruby-lang Webrick for Ruby cpe:2.3:a:ruby-lang:webrick:-:*:*:*:*:ruby
OR  
  Running on/with
  Ruby-lang Ruby from 1.8.0 version and prior 1.8.5.115 version cpe:2.3:a:ruby-lang:ruby >= 1.8.0 < 1.8.5.115
OR  
  Running on/with
  Ruby-lang Ruby from 1.8.6 version and prior 1.8.6.114 version cpe:2.3:a:ruby-lang:ruby >= 1.8.6 < 1.8.6.114
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0 cpe:2.3:a:ruby-lang:ruby:1.9.0
OR  
  Running on/with
  Ruby-lang Ruby 1.9.0.1 cpe:2.3:a:ruby-lang:ruby:1.9.0.1

Configuration #2

AND
    CPE23 From Up To
OR  
  Fedoraproject Fedora 7 cpe:2.3:o:fedoraproject:fedora:7
OR  
  Running on/with
  Fedoraproject Fedora 8 cpe:2.3:o:fedoraproject:fedora:8