WEBrick v.1.3 Directory Traversal

Description

Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The following programs are vulnerable:
1. Programs that publish files using WEBrick::HTTPServer.new with the :DocumentRoot option
2. Programs that publish files using WEBrick::HTTPServlet::FileHandler

Affected systems are:
1. Systems that accept backslash (\) as a path separator, such as Windows.
2. Systems that use case-insensitive filesystems, such as NTFS on Windows and HFS on Mac OS X.


Impact
By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.

Recommendation
Your script should filter metacharacters from user input.
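
The two conditions listed under "Affected systems" are what a simple filter tends to miss. The following is an added example, not WEBrick's own code or its fix: a request-path check that treats backslash as a separator and matches restricted names case-insensitively, shown beside a naive check that does neither. DOC_ROOT, HIDDEN and both function names are hypothetical, and the sample paths are constructed.

```ruby
require "pathname"

# Hypothetical values for illustration; not taken from WEBrick.
DOC_ROOT = "/srv/www"             # constructed document root
HIDDEN   = [".ht*", "*~"].freeze  # constructed patterns for files that must not be served

# Naive check: splits on "/" only and matches names case-sensitively,
# so it misses both conditions listed under "Affected systems".
def naive_allowed?(request_path)
  parts = request_path.split("/")
  return false if parts.include?("..")
  parts.none? { |p| HIDDEN.any? { |pat| File.fnmatch(pat, p, File::FNM_DOTMATCH) } }
end

# Hardened check: returns the resolved path, or nil when the request is refused.
def safe_resolve(request_path)
  return nil if request_path.include?("\0")
  # Treat backslash as a path separator on every platform.
  parts = request_path.tr("\\", "/").split("/").reject(&:empty?)
  return nil if parts.any? { |p| p == ".." || p == "." }
  # Compare against the restricted patterns case-insensitively.
  flags = File::FNM_CASEFOLD | File::FNM_DOTMATCH
  return nil if parts.any? { |p| HIDDEN.any? { |pat| File.fnmatch(pat, p, flags) } }
  # Defence in depth: confirm the normalized path is still under the root.
  root = Pathname.new(DOC_ROOT).cleanpath
  full = root.join(*parts).cleanpath
  inside = full == root || full.to_s.start_with?(root.to_s + "/")
  inside ? full.to_s : nil
end

# Constructed sample request paths.
if __FILE__ == $PROGRAM_NAME
  ["/docs/index.html", "/..\\..\\secret.txt", "/.HTACCESS", "/.htaccess"].each do |path|
    puts format("%-22s naive=%-5s hardened=%s",
                path.inspect, naive_allowed?(path), safe_resolve(path).inspect)
  end
end
```

The check works on the request string only; resolving symlinks under the document root is outside its scope.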

References
CVE-2008-1145
Product Homepage