• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mongrel 'DirHandler' Class Directory Traversal Information Disclosure Vulnerability

Mongrel is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to view sensitive files within the context of the webserver process. Information obtained may lead to other attacks.

This issue affects Mongrel 1.0.4 and versions prior to 1.1.3.