Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2007-5162

Опубликовано: 01 окт. 2007
Источник: debian

Описание

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby1.9fixed1.9.0+20071016-1package
ruby1.8fixed1.8.6.111-1package

Примечания

  • fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504

Связанные уязвимости

ubuntu логотип

CVE-2007-5162

ubuntu
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

redhat логотип

CVE-2007-5162

redhat
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

nvd логотип

CVE-2007-5162

nvd
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

github логотип

GHSA-26pc-wx8w-v5vj

github
около 3 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

oracle-oval логотип

ELSA-2007-0965

oracle-oval
больше 17 лет назад

ELSA-2007-0965: Moderate: ruby security update (MODERATE)