|
|
Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
|
Bugtraq ID:
|
28123
|
|
Class:
|
Unknown
|
|
CVE:
|
CVE-2008-1145
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Mar 06 2008 12:00AM
|
|
Updated:
|
Jul 10 2008 10:49AM
|
|
Credit:
|
Alexandr Polyakov and Stas Svistunovich of Digital Security Research Group reported these issues to the vendor.
|
|
Vulnerable:
|
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
+
Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
+
Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
+
RedHat Fedora Core4
+
RedHat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
+
RedHat Fedora Core3
+
RedHat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
+
RedHat Fedora Core3
+
Ubuntu Ubuntu Linux 5.0 4 powerpc
+
Ubuntu Ubuntu Linux 5.0 4 i386
+
Ubuntu Ubuntu Linux 5.0 4 amd64
+
Ubuntu Ubuntu Linux 4.1 ppc
+
Ubuntu Ubuntu Linux 4.1 ia64
+
Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0
Yukihiro Matsumoto Ruby 1.6
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
RedHat Fedora 8 0
RedHat Fedora 7 0
Metasploit Project Metasploit Framework 3.1
Metasploit Project Metasploit Framework 3.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.5
|
|
|
|
Not Vulnerable:
|
Yukihiro Matsumoto Ruby 1.9 -1
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.5 -p115
Apple Mac OS X Server 10.5.4
Apple Mac OS X 10.5.4
|
|
|
