class Dawn::Kb::CVE_2007_6612
Automatically created with rake on 2014-01-09
Public Class Methods
new()
click to toggle source
Calls superclass method
Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2007_6612.rb, line 7 def initialize message = "Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (\".%252e\")." super({ :name=>"CVE-2007-6612", :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:N", :release_date => Date.new(2008, 3, 1), :cwe=>"", :severity=>:high, :priority=>:high, :owasp=>"A9", :applies=>["rails", "sinatra", "padrino"], :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, :message=>message, :mitigation=>"Please upgrade mongrel to version 1.1.3 or above", :aux_links=>["http://www.securityfocus.com/bid/27133"] }) self.safe_dependencies = [{:name=>"mongrel", :version=>['1.1.3']}] end