Уязвимость CVE-2015-1855

Пакет	Статус	Версия исправления	Тип
ruby1.8	removed		package
ruby1.9.1	removed		package
ruby2.0	removed		package
ruby2.1	fixed	2.1.5-3	package
ruby2.2	fixed	2.2.2-1	package

CVE-2015-1855

CVSS3: 5.9

ubuntu

около 6 лет назад

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

CVE-2015-1855

redhat

почти 11 лет назад

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

CVE-2015-1855

CVSS3: 5.9

nvd

около 6 лет назад

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

GHSA-4x8v-74xf-h4g3

github

больше 3 лет назад

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

BDU:2015-09978

fstec

почти 11 лет назад

Уязвимость интерпретатора Ruby, позволяющая нарушителю подменить SSL-сервер

exploitDog

CVE-2015-1855

Описание

Пакеты

Примечания

Связанные уязвимости