Описание
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.1.3-1 |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | not-affected | |
| upstream | needs-triage |
Показывать по
10
Ссылки на источники
6.4 Medium
CVSS2
Связанные уязвимости
nvd
почти 18 лет назад
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
debian
почти 18 лет назад
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers. ...
github
больше 3 лет назад
Mongrel vulnerable to directory traversal via double-encoded sequences
6.4 Medium
CVSS2