Unrated severity · NVD Advisory · Published Mar 4, 2008 · Updated Apr 23, 2026
CVE-2008-1145
Description
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Affected products
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ (nvd: Exploit, Patch, Vendor Advisory)
- www.exploit-db.com/exploits/5215 (nvd: Exploit, Third Party Advisory, VDB Entry)
- lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html (nvd: Mailing List, Third Party Advisory)
- secunia.com/advisories/29232 (nvd: Not Applicable, Vendor Advisory)
- secunia.com/advisories/29357 (nvd: Not Applicable, Vendor Advisory)
- support.apple.com/kb/HT2163 (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/404515 (nvd: Third Party Advisory, US Government Resource)
- www.redhat.com/support/errata/RHSA-2008-0897.html (nvd: Third Party Advisory)
- www.securityfocus.com/archive/1/489205/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/489218/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/490056/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/28123 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/41010 (nvd: Third Party Advisory, VDB Entry)
- www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html (nvd: Third Party Advisory)
- www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html (nvd: Third Party Advisory)
- lists.apple.com/archives/security-announce/2008//Jun/msg00002.html (nvd: Broken Link, Mailing List)
- secunia.com/advisories/29536 (nvd: Not Applicable)
- secunia.com/advisories/30802 (nvd: Not Applicable)
- secunia.com/advisories/31687 (nvd: Not Applicable)
- secunia.com/advisories/32371 (nvd: Not Applicable)
- wiki.rpath.com/Advisories:rPSA-2008-0123 (nvd: Broken Link)
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- www.vupen.com/english/advisories/2008/0787 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2008/1981/references (nvd: Permissions Required)
- issues.rpath.com/browse/RPL-2338 (nvd: Broken Link)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 (nvd: Broken Link)