Detections
Analytics

WEBrick Encoded Traversal Arbitrary CGI Source Disclosure

medium Nessus Plugin ID 31865

Language:

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote instance of WEBrick, a standard library of Ruby to implement HTTP servers, allows an attacker to view the source of CGI scripts hosted by the affected application by appending to the URL certain characters, such as '+', '%2b', '.', '%2e', or '%20'.

Note that successful exploitation may be dependent on the underlying remote filesystem, for example FAT32 and NTFS.

Solution

Unknown at this time.

See Also

http://aluigi.altervista.org/adv/webrickcgi-adv.txt

Plugin Details

Severity: Medium

ID: 31865

File Name: webrick_cgi_info_disclosure.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 4/17/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-1891

CWE: 22

SECUNIA: 29794