Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-1145
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-04 Mar, 2008 | 23:44
Updated At-23 Apr, 2026 | 00:35

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Ruby
ruby-lang
>>webrick>>-
cpe:2.3:a:ruby-lang:webrick:-:*:*:*:*:ruby:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.8.0(inclusive) to 1.8.5.115(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>Versions from 1.8.6(inclusive) to 1.8.6.114(exclusive)
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.0
cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.0.1
cpe:2.3:a:ruby-lang:ruby:1.9.0.1:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>7
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>8
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-12-04T00:00:00

This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlsecalert@redhat.com
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://secunia.com/advisories/29232secalert@redhat.com
Not Applicable
Vendor Advisory
http://secunia.com/advisories/29357secalert@redhat.com
Not Applicable
Vendor Advisory
http://secunia.com/advisories/29536secalert@redhat.com
Not Applicable
http://secunia.com/advisories/30802secalert@redhat.com
Not Applicable
http://secunia.com/advisories/31687secalert@redhat.com
Not Applicable
http://secunia.com/advisories/32371secalert@redhat.com
Not Applicable
http://support.apple.com/kb/HT2163secalert@redhat.com
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0123secalert@redhat.com
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123secalert@redhat.com
Broken Link
http://www.kb.cert.org/vuls/id/404515secalert@redhat.com
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141secalert@redhat.com
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142secalert@redhat.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0897.htmlsecalert@redhat.com
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/secalert@redhat.com
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/489205/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/489218/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/490056/100/0/threadedsecalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/28123secalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1019562secalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/0787secalert@redhat.com
Permissions Required
http://www.vupen.com/english/advisories/2008/1981/referencessecalert@redhat.com
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/41010secalert@redhat.com
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-2338secalert@redhat.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937secalert@redhat.com
Broken Link
https://www.exploit-db.com/exploits/5215secalert@redhat.com
Exploit
Third Party Advisory
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.htmlsecalert@redhat.com
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.htmlsecalert@redhat.com
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://secunia.com/advisories/29232af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Vendor Advisory
http://secunia.com/advisories/29357af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Vendor Advisory
http://secunia.com/advisories/29536af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/30802af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/31687af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/32371af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://support.apple.com/kb/HT2163af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0123af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.kb.cert.org/vuls/id/404515af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0897.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/489205/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/489218/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/490056/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/28123af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1019562af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/0787af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.vupen.com/english/advisories/2008/1981/referencesaf854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/41010af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-2338af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.exploit-db.com/exploits/5215af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: secalert@redhat.com
Resource:
Broken Link
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/29232
Source: secalert@redhat.com
Resource:
Not Applicable
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29357
Source: secalert@redhat.com
Resource:
Not Applicable
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29536
Source: secalert@redhat.com
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/30802
Source: secalert@redhat.com
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/31687
Source: secalert@redhat.com
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/32371
Source: secalert@redhat.com
Resource:
Not Applicable
Hyperlink: http://support.apple.com/kb/HT2163
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0123
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/404515
Source: secalert@redhat.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0897.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Source: secalert@redhat.com
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/489205/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/489218/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/490056/100/0/threaded
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/28123
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1019562
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2008/0787
Source: secalert@redhat.com
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Source: secalert@redhat.com
Resource:
Permissions Required
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41010
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://issues.rpath.com/browse/RPL-2338
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://www.exploit-db.com/exploits/5215
Source: secalert@redhat.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/29232
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29536
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/30802
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/31687
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://secunia.com/advisories/32371
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://support.apple.com/kb/HT2163
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/404515
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0897.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/489205/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/489218/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/490056/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/28123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1019562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2008/0787
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: http://www.vupen.com/english/advisories/2008/1981/references
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://issues.rpath.com/browse/RPL-2338
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://www.exploit-db.com/exploits/5215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found
Details not found