CVE-2017-17718

Опубликовано: 17 дек. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Ссылки

http://openwall.com/lists/oss-security/2017/12/17/10
Issue Tracking
Mailing List
Third Party Advisory
https://github.com/ruby-ldap/ruby-net-ldap/issues/258
Issue Tracking
Patch
Third Party Advisory
https://github.com/ruby-ldap/ruby-net-ldap/pull/279
Issue Tracking
Patch
Third Party Advisory
http://openwall.com/lists/oss-security/2017/12/17/10
Issue Tracking
Mailing List
Third Party Advisory
https://github.com/ruby-ldap/ruby-net-ldap/issues/258
Issue Tracking
Patch
Third Party Advisory
https://github.com/ruby-ldap/ruby-net-ldap/pull/279
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:net-ldap_project:net-ldap:0.0.5:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.1.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.1.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.2:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.2.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.2.2:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.3.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.3.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.5.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.6.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.6.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.7.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.8.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.9.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.10.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.10.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.11:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.12.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.12.1:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.13.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.14.0:*:*:*:*:ruby:*:*

cpe:2.3:a:net-ldap_project:net-ldap:0.15.0:*:*:*:*:ruby:*:*

EPSS

Процентиль: 39%

0.00172

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2017-17718

CVSS3: 5.9

ubuntu

около 8 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

CVE-2017-17718

CVSS3: 4.8

redhat

около 10 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

CVE-2017-17718

CVSS3: 5.9

debian

около 8 лет назад

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SS ...

GHSA-m7p8-9w66-9frm

CVSS3: 5.9

github

около 8 лет назад

net-ldap Improper Certificate Validation vulnerability

EPSS

Процентиль: 39%

0.00172

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295