CVE-2008-1891 - Woaded Mediums


Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier 1.8.5 before 1.8.5-p231 1.8.6 before 1.8.6-p230 1.8.7 before 1.8.7-p22 and 1.9.0 before 1.9.0-2 when using NTFS or FAT filesystems allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus) (2) %2b (encoded plus) (3) . (dot) (4) %2e (encoded dot) or (5) %20 (encoded space) character in the URI possibly related to the WEBrick::HTTPServlet::FileHandler and functionality and the :DocumentRoot option.