Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-1891

EPSS 0.29% · P52
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-1891

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruby WEBrick远程目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruby是一种功能强大的面向对象的脚本语言。 WEBrick是Ruby中内嵌的HTTP服务器程序库。WEBrick组件存在目录遍历漏洞,如果服务器使用的是NTFS或FAT文件系统的话,远程攻击者就可以通过在向使用WEBrick::HTTPServlet::FileHandler或WEBrick::HTTPServer.new的应用所提交的URI请求结尾附加"+"、"%2b"、"."、"%2e"或"%20"字符执行目录遍历攻击,导致读取任意CGI文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-1891

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-1891

登录查看更多情报信息。

Same Patch Batch · n/a · 2008-04-18 · 16 CVEs total

CVE-2008-1889XplodPHP AutoTutorials viewcat.php SQL 注入漏洞
CVE-2008-1890Mambo and Joomla! Jom Comment Component User Credential SQL注入漏洞
CVE-2008-1892Blogator-script 'bs_auth.php' 跨站脚本攻击漏洞
CVE-2008-1893W2B Online Banking index.php 远程文件包含漏洞
CVE-2008-1894Business Objects Infoview 'cms' 参数跨站脚本攻击漏洞
CVE-2008-1895Carbon Communities 多个SQL 注入漏洞
CVE-2008-1896Carbon Communities 多个跨站脚本攻击漏洞
CVE-2008-1888Microsoft SharePoint 跨站脚本攻击漏洞
CVE-2008-1887Python stringobject.c多个远程溢出漏洞
CVE-2008-1693Xpdf嵌入字体处理代码执行漏洞
CVE-2008-1734PHP Toolkit 信息泄露漏洞和拒绝服务漏洞
CVE-2008-1883blackboard academic suite javascript/md5.js 授权问题漏洞
CVE-2008-1884Wikepage Opus 'index.php' 多个目录遍历漏洞
CVE-2008-1885Tumbleweed SecureTransport vcst_eu.dll ActiveX控件远程栈溢出漏洞
CVE-2008-1886Tumbleweed SecureTransport vcst_eu.dll ActiveX控件远程栈溢出漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-1891

No comments yet

Leave a comment