CVE-2008-1145 | Date: (C)2008-03-04 (M)2023-12-22 |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash () path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 5.0 |
Exploit Score: 10.0 |
Impact Score: 2.9 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: LOW |
Authentication: NONE |
Confidentiality: PARTIAL |
Integrity: NONE |
Availability: NONE |
| |