Mar 04 2008
File access vulnerability of WEBrick
WEBrick, a standard library of Ruby for implementing HTTP servers, has a file access vulnerability.
Impact
The following programs are vulnerable.
- Programs that publish files using WEBrick::HTTPServer.new with the :DocumentRoot option
- Programs that publish files using WEBrick::HTTPServlet::FileHandler
Affected systems are:
- Systems that accept backslash (\) as a path separator, such as Windows.
- Systems that use case-insensitive filesystems, such as NTFS on Windows or HFS on Mac OS X.
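The two conditions listed above, backslash separators and case-insensitive file names, can both be neutralized before a request path reaches the filesystem. The following is an added example, not WEBrick's code and not the patch referred to in this advisory; `resolve_request_path`, `HIDDEN_PATTERNS` and the `/srv/www` root are hypothetical names and constructed values.

```ruby
# Added example (hypothetical helper, not part of WEBrick).
# Constructed deny-list of file names that must never be served.
HIDDEN_PATTERNS = [".ht*", "*~"].freeze

# Returns the absolute path of the requested file under root,
# or nil when the request must be refused.
def resolve_request_path(root, request_path, hidden = HIDDEN_PATTERNS)
  return nil if request_path.include?("\0")

  # Treat "\" exactly like "/" on every platform, so the check does not
  # depend on which separators the host operating system accepts.
  segments = request_path.tr("\\", "/").split("/").reject(&:empty?)

  segments.each do |seg|
    return nil if seg == ".."
    # Case-folded match: on NTFS or HFS, ".HTACCESS" opens the same file
    # as ".htaccess", so the deny-list must ignore case as well.
    flags = File::FNM_CASEFOLD | File::FNM_DOTMATCH
    return nil if hidden.any? { |pat| File.fnmatch(pat, seg, flags) }
  end

  root_abs = File.expand_path(root)
  full = File.expand_path(File.join(segments), root_abs)

  # Final containment check on the normalized path.
  return nil unless full == root_abs || full.start_with?(root_abs + "/")
  full
end

if __FILE__ == $0
  # Constructed sample requests.
  ["/index.html", "/img\\logo.png", "/..\\secret.txt",
   "/.HTACCESS", "/Notes.TXT~"].each do |req|
    result = resolve_request_path("/srv/www", req)
    puts "#{req.inspect} -> #{result.nil? ? 'refused' : result}"
  end
end
```
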
1.8 series
Please upgrade to 1.8.5-p115 or 1.8.6-p114.
- ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz
- ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz
1.9 series
Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.
