|
Description: | | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
|
Impact: | | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. |
|
Affected OS: | | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
|
Reference: | | SecurityFocusBID:28123 ExploitDB:5215 SecurityTrackerID:1019562
|
|