[framework] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability
H D Moore
hdm at metasploit.com
Thu Mar 6 22:49:59 CST 2008
It did and it was patched earlier today. There was little risk, because in
order for someone to exploit it, you would need to run msfweb with the -a
parameter, allowing people other than localhost to connect. Theres an
argument that another local user could exploit it, but its still
relatively minor. Either way, fixed now in SVN/Online Update :-)
-HD
On Thursday 06 March 2008, gaurav chaturvedi wrote:
> Does this effect Metasploit ?
> http://www.milw0rm.com/exploits/5215
>
> I found this comment in the code :)
> "# Monkey patch the webrick vulnerability"
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework
More information about the Framework
mailing list