Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability

[hdm at metasploit.com (H D Moore)]

It did and it was patched earlier today. There was little risk, because in 
order for someone to exploit it, you would need to run msfweb with the -a 
parameter, allowing people other than localhost to connect. Theres an 
argument that another local user could exploit it, but its still 
relatively minor. Either way, fixed now in SVN/Online Update :-)

-HD

On Thursday 06 March 2008, gaurav chaturvedi wrote:
> Does this effect Metasploit ?
> http://www.milw0rm.com/exploits/5215
>
> I found this comment in the code :)
> "# Monkey patch the webrick vulnerability"
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework