Directory Traversal Vulnerability in WEBrick Gem 1.4.2 for Ruby

Directory Traversal Vulnerability in WEBrick Gem 1.4.2 for Ruby

CVE-2019-11879 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem.

Learn more about our Cis Benchmark Audit For Apache Http Server.