PT-2013-2197 · Rack+1 · Rack+1

Raggic

Publicado

2013-02-08

Atualizado

2026-03-13

CVE-2013-0262

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1

Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, also known as "symlink path traversals."

Recommendations For Rack versions 1.4.x through 1.4.4, update to version 1.4.5 or later. For Rack versions 1.5.x through 1.5.1, update to version 1.5.2 or later.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2013-0262

GHSA-85R7-W5MV-C849

OPENSUSE-SU-2024:10115-1

OPENSUSE-SU-2024:10406-1

OPENSUSE-SU-2024:11344-1

OPENSUSE-SU-2024:11345-1

OPENSUSE-SU-2024:11346-1

OPENSUSE-SU-2024:12119-1

OPENSUSE-SU-2024:12397-1

OPENSUSE-SU-2024:12974-1

OPENSUSE-SU-2024:13167-1

OPENSUSE-SU-2024:13726-1

OPENSUSE-SU-2024:13727-1

OPENSUSE-SU-2025:14811-1

OPENSUSE-SU-2025:14875-1

OPENSUSE-SU-2026:10286-1

OPENSUSE-SU-2026:10358-1

RHSA-2013:0638

Produtos afetados

Rack

Suse

PT-2013-2197 · Rack+1 · Rack+1

CVE-2013-0262

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 63