Directory traversal

2014-11-0811:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

74.7%

JSON

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /…%2F sequence.

CPENameOperatorVersion
opensuseeq12.3
opensuseeq13.1
opensuseeq13.2
railseq3.0.0 beta
railseq3.0.0 beta2
railseq3.0.0 beta3
railseq3.0.0 beta4
railseq3.0.0 rc
railseq3.0.0 rc2
railseq3.0.1 pre

Name	Operator	Version
opensuse	eq	12.3
opensuse	eq	13.1
opensuse	eq	13.2
rails	eq	3.0.0 beta
rails	eq	3.0.0 beta2
rails	eq	3.0.0 beta3
rails	eq	3.0.0 beta4
rails	eq	3.0.0 rc
rails	eq	3.0.0 rc2
rails	eq	3.0.1 pre