|
|
Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
|
Bugtraq ID:
|
28123
|
|
Class:
|
Unknown
|
|
CVE:
|
CVE-2008-1145
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Mar 06 2008 12:00AM
|
|
Updated:
|
Aug 29 2008 11:04PM
|
|
Credit:
|
Alexandr Polyakov and Stas Svistunovich of Digital Security Research Group reported these issues to the vendor.
|
|
Vulnerable:
|
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
+
Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
+
Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
+
RedHat Fedora Core4
+
RedHat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
+
RedHat Fedora Core3
+
RedHat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
+
RedHat Fedora Core3
+
Ubuntu Ubuntu Linux 5.0 4 powerpc
+
Ubuntu Ubuntu Linux 5.0 4 i386
+
Ubuntu Ubuntu Linux 5.0 4 amd64
+
Ubuntu Ubuntu Linux 4.1 ppc
+
Ubuntu Ubuntu Linux 4.1 ia64
+
Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0
Yukihiro Matsumoto Ruby 1.6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. SUSE Linux Enterprise Server 10
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
S.u.S.E. SUSE Linux Enterprise Desktop 10
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.2 x86_64
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.2 x86_64
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9-SP3
+
Linux kernel 2.6.5
S.u.S.E. Linux Enterprise Desktop 10 SP2
S.u.S.E. Linux Enterprise Desktop 10 SP1
S.u.S.E. Linux Desktop 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
RedHat Fedora 8 0
RedHat Fedora 7 0
Metasploit Project Metasploit Framework 3.1
Metasploit Project Metasploit Framework 3.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
|
|
|
|
Not Vulnerable:
|
Yukihiro Matsumoto Ruby 1.9 -1
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.5 -p115
Apple Mac OS X Server 10.5.4
Apple Mac OS X 10.5.4
|
|
|
