Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-5162

Опубликовано: 01 окт. 2007
Источник: ubuntu
Приоритет: low
CVSS2: 4.3

Описание

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

РелизСтатусПримечание
dapper

not-affected

fixed in ruby1.8
devel

not-affected

fixed in ruby1.8
edgy

not-affected

fixed in ruby1.8
feisty

not-affected

fixed in ruby1.8
gutsy

not-affected

fixed in ruby1.8
hardy

not-affected

fixed in ruby1.8
upstream

released

0.1.4a-1sarge1

Показывать по

РелизСтатусПримечание
dapper

released

1.8.4-1ubuntu1.4
devel

not-affected

edgy

released

1.8.4-5ubuntu1.3
feisty

released

1.8.5-4ubuntu2.1
gutsy

released

1.8.6.36-1ubuntu3.1
upstream

released

1.8.6.111

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2007-5162

redhat
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

nvd логотип

CVE-2007-5162

nvd
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

debian логотип

CVE-2007-5162

debian
больше 17 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net ...

github логотип

GHSA-26pc-wx8w-v5vj

github
около 3 лет назад

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

oracle-oval логотип

ELSA-2007-0965

oracle-oval
больше 17 лет назад

ELSA-2007-0965: Moderate: ruby security update (MODERATE)

4.3 Medium

CVSS2