Showing posts with label Ruby. Show all posts

Sunday, 12 May 2019

Path Traversal in WEBrick via SYMLINK

Summary: The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem."

Technical Observation: A path traversal issue was observed in WEBrick (WEBrick/1.4.2...