• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities

Ruby's WEBrick server is prone to remote directory-traversal and information-disclosure vulnerabilities.

Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files. Information harvested may aid in further attacks.

These issues affect only operating systems that allow backslash (\) characters as path separators and operating systems that use case-insensitive filenames. This exposes Microsoft Windows and Apple Mac OS X operating systems to attack.