CVE-2019-11879

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WEBrick gem version 1.4.2

Description The issue allows directory traversal if an attacker had local access to create a symlink to a location outside of the web root directory. The vendor considers this analogous to Options FollowSymlinks in the Apache HTTP Server.

Recommendations For WEBrick gem version 1.4.2, consider restricting access to creating symlinks outside of the web root directory to minimize the risk of exploitation.

Fix

Link Following

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-22

Related Identifiers

CVE-2019-11879

Affected Products

Apache Http Server

Webrick

CVE-2019-11879

Weakness Enumeration

Related Identifiers

Affected Products

References · 4