Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2013-4413
Last Modified 12 Mar 2014 09:20:49
Published 11 Mar 2014 03:37:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-4413

Summary

Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.

Vulnerable Systems

Application

  • Schneems Wicked 0.0.1
  • Schneems Wicked 0.0.2
  • Schneems Wicked 0.1.0
  • Schneems Wicked 0.1.1
  • Schneems Wicked 0.1.2
  • Schneems Wicked 0.1.3
  • Schneems Wicked 0.1.4
  • Schneems Wicked 0.1.5
  • Schneems Wicked 0.1.6
  • Schneems Wicked 0.2.0
  • Schneems Wicked 0.3.0
  • Schneems Wicked 0.3.1
  • Schneems Wicked 0.3.2
  • Schneems Wicked 0.3.3
  • Schneems Wicked 0.3.4
  • Schneems Wicked 0.4.0
  • Schneems Wicked 0.5.0
  • Schneems Wicked 0.6.0
  • Schneems Wicked 0.6.1
  • Schneems Wicked 1.0.0


References

CONFIRM - https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53

XF - wicked-gem-cve20134413-dir-trav(87783)

BID - 62891

SECUNIA - 55151

MLIST - [oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem


Last Updated: 27 May 2016 11:04:37