Return to CVE list

CVE-2014-7819

5.0
Medium

CVE-2014-7819

secalert@redhat.com
Modified
View on MITREFind on GitHub

Description

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
secalert@redhat.com
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
secalert@redhat.com
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ
af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html
af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html
af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html
af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html
af854a3a-2127-422b-91ae-364da2661108
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ
af854a3a-2127-422b-91ae-364da2661108
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ