9 matches found
Directory Traversal
Overview mongrel is an A small fast HTTP library and server that runs Rails, Camping, Nitro and Iowa apps. Affected versions of this package are vulnerable to Directory Traversal via the DirHandler function in lib/mongrel/handlers.rb. An attacker can read arbitrary files by sending an HTTP reques...
SUSE CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
GHSA-M7R6-43V2-49VF Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
Mongrel vulnerable to directory traversal via double-encoded sequences
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 1.0.3 and prior are not affected and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences .%252e...
mod_jk sends decoded URL to tomcat
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
Directory traversal
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-6612
Directory traversal vulnerability in DirHandler lib/mongrel/handlers.rb in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences ".%252e"...
CVE-2007-1860
modjk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...