Moderate severity · NVD Advisory · Published Jan 3, 2008 · Updated Apr 23, 2026
CVE-2007-6612
Description
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mongrel (RubyGems) | >= 1.0.4, < 1.0.5 | 1.0.5 |
| mongrel (RubyGems) | >= 1.1.0, < 1.1.3 | 1.1.3 |
Affected products: 3
Patches: 0 (no patches discovered yet)
References (17)
- rubyforge.org/pipermail/mongrel-users/2007-December/004733.html (nvd, Exploit)
- rubyforge.org/pipermail/mongrel-users/2007-December/004736.html (nvd, Exploit)
- github.com/advisories/GHSA-m7r6-43v2-49vf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2007-6612 (ghsa, ADVISORY)
- www.us-cert.gov/cas/techalerts/TA08-150A.html (nvd, US Government Resource)
- lists.apple.com/archives/security-announce/2008//May/msg00001.html (ghsa, WEB)
- web.archive.org/web/20080111034049/http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html (ghsa, WEB)
- web.archive.org/web/20200301091534/http://www.securityfocus.com/bid/27133 (ghsa, WEB)
- lists.apple.com/archives/security-announce/2008//May/msg00001.html (nvd)
- mongrel.rubyforge.org/news.html (nvd)
- osvdb.org/39866 (nvd)
- rubyforge.org/pipermail/mongrel-users/2007-December/004742.html (nvd)
- rubyforge.org/pipermail/mongrel-users/2007-December/004743.html (nvd)
- secunia.com/advisories/28323 (nvd)
- secunia.com/advisories/30430 (nvd)
- www.securityfocus.com/bid/27133 (nvd)
- www.vupen.com/english/advisories/2008/1697 (nvd)