Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6612

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-6612
Last Modified 07 Mar 2011 10:03:17
Published 03 Jan 2008 05:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6612

Summary

Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").

Vulnerable Systems

Application

  • Mongrel 1.0.4

  • Mongrel 1.1.1

  • Mongrel 1.1.2


References

CERT - TA08-150A

VUPEN - ADV-2008-1697

MLIST - [Mongrel] [SECURITY] Must Fix This Now! (Re: Arbitrary system files readable in 1.0.4 - 1.1.2)

MLIST - [Mongrel] 20071229 Regarding the 1.1.3 security release

MLIST - [Mongrel] 20071228 Arbitrary system files readable in 1.0.4 - 1.1.2

OSVDB - 39866

CONFIRM - http://mongrel.rubyforge.org/news.html

BID - 27133

SECUNIA - 30430

SECUNIA - 28323

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:46:32