cbcvebase.
CVE-2008-1145
published 2008-03-04

CVE-2008-1145: Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support…

PriorityP339medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
18.16%
96.8th percentile
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Affected

2 ranges
VendorProductVersion rangeFixed in
fedoraprojectfedora
fedoraprojectfedora

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://[server]:[port]/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
pathlib/webrick/httpservlet/filehandler.rb
hash20ca6cc87eb077296806412feaac0356
hash500a9f11613d6c8ab6dcf12bec1b3ed3
hashb7b58aed40fa1609a67f53cfd3a13257
  • Detect HTTP requests containing '..%5c' (URL-encoded backslash) sequences in the URI path, indicative of directory traversal attempts against WEBrick.
  • Monitor for requests targeting filenames matching WEBrick's default :NondisclosureName patterns ('.ht*', '*~') using case-insensitive variants, which may bypass access restrictions on case-insensitive filesystems.
  • Flag HTTP requests to WEBrick servers (User-Agent or Server header: WEBrick HTTPd 1.3.1) containing repeated '%5c' or backslash-encoded path traversal sequences.
  • This vulnerability is only exploitable on systems that accept backslash as a path separator (e.g., Windows) or use case-insensitive filesystems (e.g., NTFS on Windows, HFS on Mac OS X); scope detection accordingly.
  • ·The :NondisclosureName option in WEBrick defaults to [".ht*", "*~"]; case-insensitive filesystem bypass only affects systems where filename matching is case-insensitive (Windows NTFS, Mac OS X HFS).
  • ·The backslash traversal vector only applies to systems that accept '\' as a path separator (e.g., Windows); Linux/Unix systems are not affected by vector (1).
  • ·Red Hat Enterprise Linux 2.1 and 3 are not affected as those packages do not include the WEBrick component.

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.