exploitDog

CVE-2017-17718

Опубликовано: 17 дек. 2017

Источник: debian

Описание

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-net-ldap	fixed	0.16.1-1		package
ruby-net-ldap	no-dsa		stretch	package
ruby-net-ldap	not-affected		jessie	package
ruby-net-ldap	ignored		wheezy	package

Примечания

https://github.com/ruby-ldap/ruby-net-ldap/issues/258
Versions < 0.10 properly acknowledge in their documentation the lack of any SSL
validation, see https://sources.debian.org/src/ruby-net-ldap/0.8.0-1/lib/net/ldap.rb/#L476
In wheezy/jessie, only reverse dependencies are redmine (which is unsupported in wheezy)
and ruby-omniauth-ldap (which has no reverse dep either).

Связанные уязвимости

CVE-2017-17718

CVSS3: 5.9

ubuntu

около 8 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

CVE-2017-17718

CVSS3: 4.8

redhat

около 10 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

CVE-2017-17718

CVSS3: 5.9

nvd

около 8 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

GHSA-m7p8-9w66-9frm

CVSS3: 5.9

github

около 8 лет назад

net-ldap Improper Certificate Validation vulnerability