CVE-2008-1145
published 2008-03-04
Priority P339 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 18.16% (96.8th percentile)
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCs
- Detect HTTP requests containing '..%5c' (URL-encoded backslash) sequences in the URI path, indicative of directory traversal attempts against WEBrick.
- Monitor for requests targeting filenames matching WEBrick's default :NondisclosureName patterns ('.ht*', '*~') using case-insensitive variants, which may bypass access restrictions on case-insensitive filesystems.
- Flag HTTP requests to WEBrick servers (User-Agent or Server header: WEBrick HTTPd 1.3.1) containing repeated '%5c' or backslash-encoded path traversal sequences.
- This vulnerability is only exploitable on systems that accept backslash as a path separator (e.g., Windows) or use case-insensitive filesystems (e.g., NTFS on Windows, HFS on Mac OS X); scope detection accordingly.
- The :NondisclosureName option in WEBrick defaults to [".ht*", "*~"]; case-insensitive filesystem bypass only affects systems where filename matching is case-insensitive (Windows NTFS, Mac OS X HFS).
- The backslash traversal vector only applies to systems that accept '\' as a path separator (e.g., Windows); Linux/Unix systems are not affected by vector (1).
- Red Hat Enterprise Linux 2.1 and 3 are not affected as those packages do not include the WEBrick component.
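A log-side check for the two request shapes named in the bullets above, as an added example that is not taken from any of the advisories quoted on this page. `NONDISCLOSURE` copies the default value quoted here; the log lines, `classify_path` and `scan_log` are constructed for illustration, and the log format is assumed to be common log format.

```ruby
# Default :NondisclosureName value as quoted on this page (assumed unchanged).
NONDISCLOSURE = [".ht*", "*~"].freeze

# Pulls the request target out of a common-log-format line (assumed format).
REQUEST_LINE = /"(?:GET|HEAD|POST) (\S+) HTTP\/\d\.\d"/

# Constructed sample access-log lines, not taken from a real server.
SAMPLE_LOG = [
  '192.0.2.10 - - [04/Mar/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
  '192.0.2.11 - - [04/Mar/2008:10:00:05 +0000] "GET /..%5c..%5cprivate.txt HTTP/1.1" 200 90',
  '192.0.2.12 - - [04/Mar/2008:10:00:09 +0000] "GET /docs/.HTACCESS HTTP/1.1" 200 40',
  '192.0.2.13 - - [04/Mar/2008:10:00:12 +0000] "GET /docs/.htaccess HTTP/1.1" 404 0'
].freeze

# Percent-decode once, byte-wise; malformed escapes are left untouched.
def percent_decode(path)
  path.b.gsub(/%(\h\h)/) { $1.hex.chr }
end

# Returns the findings for one raw (still encoded) request target.
# The query string is ignored; only the path is inspected.
def classify_path(raw_path)
  path = raw_path.split("?", 2).first.to_s
  decoded = percent_decode(path)
  segments = decoded.split(%r{[/\\]})
  name = segments.last.to_s.delete("\0") # fnmatch rejects NUL bytes
  findings = []
  findings << :encoded_backslash if path.match?(/%5c/i)
  # A ".." segment only counts here when a backslash acts as a separator.
  findings << :backslash_traversal if decoded.include?("\\") && segments.include?("..")
  # Name matches a protected pattern only when case is ignored.
  case_variant = NONDISCLOSURE.any? do |pat|
    File.fnmatch(pat, name, File::FNM_DOTMATCH | File::FNM_CASEFOLD) &&
      !File.fnmatch(pat, name, File::FNM_DOTMATCH)
  end
  findings << :nondisclosure_case_variant if case_variant
  findings
end

# Returns [path, findings] pairs for every log line that raised a finding.
def scan_log(lines)
  lines.each_with_object([]) do |line, hits|
    path = line[REQUEST_LINE, 1] or next
    findings = classify_path(path)
    hits << [path, findings] unless findings.empty?
  end
end
```

Per the scoping bullets, findings matter only for WEBrick hosts on filesystems that accept backslash separators or ignore case; a 200 status on a flagged line is the one to triage first.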
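CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |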
Red Hat
ruby: webrick directory traversal
vendor_redhat·2008-03-03·CVSS 5.0
CVE-2008-1145 [MEDIUM] ruby: webrick directory traversal
GHSA
GHSA-f279-rf2r-m6m5: Directory traversal vulnerability in WEBrick in Ruby 1
ghsa_unreviewed·2022-05-01
CVE-2008-1145 [MEDIUM] CWE-22 GHSA-f279-rf2r-m6m5: Directory traversal vulnerability in WEBrick in Ruby 1
No detection rules found.
Exploit-DB
Ruby 1.8.6/1.9 (WEBrick HTTPd 1.3.1) - Directory Traversal
exploitdb·2008-03-06
CVE-2008-1145 Ruby 1.8.6/1.9 (WEBrick HTTPd 1.3.1) - Directory Traversal
---
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-018
Application: Ruby 1.8.6 (WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1)
Versions Affected:
1.8.4 and all prior versions
1.8.5-p114 and all prior versions
1.8.6-p113 and all prior versions
1.9.0-1 and all prior versions
Vendor URL: http://www.ruby-lang.org/
Bugs: Directory traversal File Download
Exploits: YES
Reported: 20.02.2008
Vendor response: 22.02.2008
Solution: 03.03.2008
Date of Public Advisory: 06.03.2008
Authors: Alexandr Polyakov, Stas Svistunovich
Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Description
WEBrick Httpd server has a directory traversal security vulnerability.
WEBrick is an
Exploit-DB
Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
exploitdb·2008-01-11
CVE-2008-0352 Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
---
```c
/*
 * Clemens Kurtenbach
 * PoC code for exploiting the jumbo bug found in
 * linux kernels >=2.6.20 and
#include
#include
/* network */
#include
#include
#include
#include
#include
#include
#define MY_FRAME_LEN 1145
char *resolve6(unsigned char *target) {
    char *ret_addr;
    struct in6_addr my_in6;
    char *glob_addr = (char *) &my_in6;
    struct addrinfo addr_hints, *addr_result;
    unsigned char out[64];
    memset(&addr_hints, 0, sizeof(addr_hints));
    addr_hints.ai_family = AF_INET6;
    if (getaddrinfo(target, NULL, &addr_hints, &addr_result) != 0) {
        printf("getaddrinfo() error\n");
        exit(1);
    }
    if(getnameinfo(addr_result->ai_addr, addr_result->ai_addrlen, out, sizeof(out), NULL, 0, NI_NUMERICHOST) != 0){
        printf("getnameinfo() error\n");
```
Bugzilla
CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)
bugzilla·2008-08-13·CVSS 5.0
CVE-2008-3656 [MEDIUM] CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3656 to the following vulnerability:
Algorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
Discussion:
Created attachment 314212
Proposed patch
---
ruby-1.8.6.287-2.fc8 has been submitted as an update for Fedora 8.
http
Bugzilla
CVE-2008-1145 ruby: webrick directory traversal
bugzilla·2008-03-04·CVSS 5.0
CVE-2008-1145 [MEDIUM] CVE-2008-1145 ruby: webrick directory traversal
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
WEBrick, a standard library of Ruby to implement HTTP servers, has a file access
vulnerability.
1. Systems that accept backslash (\) as a path separator, such as Windows.
2. Systems that use case-insensitive filesystems, such as NTFS on Windows and HFS
on Mac OS X.
An attacker can access private files by sending a URL with a URL-encoded backslash
(\). This works only on systems that accept backslash as a path separator. Or
they could bypass restrictions with case-insensitive filesystems.
Discussion:
Note: This is only a security issue if you have a ruby application using WEBrick
to serve content via HTTP from a mounted filesystem that is case insensitive or
accepts \ as
Published 2008-03-04