Secunia

Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to disclose sensitive information.

1) Input passed via the URL to applications using "WEBrick::HTTPServlet::FileHandler" or "WEBrick::HTTPServer.new" with the ":DocumentRoot" option is not properly sanitised before being used. This can be exploited to display arbitrary files via directory traversal attacks of the form "..%5c..%5c".

Successful exploitation requires that the application is running on an operating system accepting the backslash character as a path separator (e.g. Windows).

2) The vulnerability is caused due to an error within the "WEBrick::HTTPServlet::FileHandler" class, and within the "WEBrick::HTTPServer.new" method when handling the ":NondisclosureName" option. This can be exploited to disclose the content of arbitrary files with a filename matching the pattern specified in the ":NondisclosureName" option.

Successful exploitation requires that the application is running on an operating system using a case insensitive filesystem (e.g. Windows or Mac OS X).

The vulnerabilities are reported in versions prior to 1.8.4, 1.8.5 versions prior to 1.8.5-p115, 1.8.6 versions prior to 1.8.6-p114, and 1.9 versions prior to and including 1.9.0-1.

Solution
Update to 1.8.5-p115 or 1.8.6-p114, or apply the vendor patch for version 1.9.0-1.
Further details available in Customer Area

Provided and/or discovered by
The vendor credits Digital Security Research.

Changelog
Further details available in Customer Area

Original Advisory
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area