// For flags

CVE-2014-7819

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

Múltiples vulnerabilidades de salto de directorio en server.rb en Sprockets anterior a 2.0.5, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.3, 2.3.x anterior a 2.3.3, 2.4.x anterior a 2.4.6, 2.5.x anterior a 2.5.1, 2.6.x y 2.7.x anterior a 2.7.1, 2.8.x anterior a 2.8.3, 2.9.x anterior a 2.9.4, 2.10.x anterior a 2.10.2, 2.11.x anterior a 2.11.3, 2.12.x anterior a 2.12.3, y 3.x anterior a 3.0.0.beta.3, distribuido con Ruby on Rails 3.x y 4.x, permiten a atacantes remotos determinar la existencia de ficheros fuera del root de la aplicación a través de una secuencia ../ (punto punto barra) con (1) barras dobles o (2) codificación de URL.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-03 CVE Reserved
  • 2014-11-08 CVE Published
  • 2024-06-20 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.0.0 < 2.0.5
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.0.0 < 2.0.5"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.1.0 < 2.1.4
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.1.0 < 2.1.4"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.2.0 < 2.2.3
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.2.0 < 2.2.3"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.3.0 < 2.3.3
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.3.0 < 2.3.3"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.4.0 < 2.4.6
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.4.0 < 2.4.6"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.5.0 < 2.5.1
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.5.0 < 2.5.1"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.7.0 < 2.7.1
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.7.0 < 2.7.1"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.8.0 < 2.8.3
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.8.0 < 2.8.3"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.9.0 < 2.9.4
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.9.0 < 2.9.4"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.10.0 < 2.10.2
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.10.0 < 2.10.2"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.11.0 < 2.11.3
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.11.0 < 2.11.3"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
>= 2.12.0 < 2.12.3
Search vendor "Sprockets Project" for product "Sprockets" and version " >= 2.12.0 < 2.12.3"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
2.6.0
Search vendor "Sprockets Project" for product "Sprockets" and version "2.6.0"
-
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
3.0.0
Search vendor "Sprockets Project" for product "Sprockets" and version "3.0.0"
beta1
Affected
Sprockets Project
Search vendor "Sprockets Project"
Sprockets
Search vendor "Sprockets Project" for product "Sprockets"
3.0.0
Search vendor "Sprockets Project" for product "Sprockets" and version "3.0.0"
beta2
Affected