Описание
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | fixed in ruby1.8 |
| devel | not-affected | fixed in ruby1.8 |
| edgy | not-affected | fixed in ruby1.8 |
| feisty | not-affected | fixed in ruby1.8 |
| gutsy | not-affected | fixed in ruby1.8 |
| hardy | not-affected | fixed in ruby1.8 |
| upstream | released | 0.1.4a-1sarge1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.8.4-1ubuntu1.4 |
| devel | not-affected | 1.8.7.22-1 |
| edgy | released | 1.8.4-5ubuntu1.3 |
| feisty | released | 1.8.5-4ubuntu2.1 |
| gutsy | released | 1.8.6.36-1ubuntu3.1 |
| hardy | not-affected | 1.8.6.111-2ubuntu1 |
| upstream | released | 1.8.6.111 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, an ...
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
ELSA-2007-0965: Moderate: ruby security update (MODERATE)
EPSS
5 Medium
CVSS2