Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2013-4073

Опубликовано: 18 авг. 2013
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8

Описание

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

РелизСтатусПримечание
devel

released

1.8.7.358-7ubuntu2
lucid

ignored

end of life
precise

released

1.8.7.352-2ubuntu1.3
quantal

released

1.8.7.358-4ubuntu0.3
raring

released

1.8.7.358-7ubuntu1.1
upstream

released

1.8.7 patchlevel 374

Показывать по

РелизСтатусПримечание
devel

released

1.9.3.194-8.1ubuntu2
lucid

ignored

end of life
precise

released

1.9.3.0-1ubuntu2.7
quantal

released

1.9.3.194-1ubuntu1.5
raring

released

1.9.3.194-8.1ubuntu1.1
upstream

released

1.9.3 patchlevel 448

Показывать по

Ссылки на источники

EPSS

Процентиль: 85%
0.02723
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2013-4073

redhat
около 12 лет назад

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

nvd логотип

CVE-2013-4073

nvd
около 12 лет назад

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

debian логотип

CVE-2013-4073

debian
около 12 лет назад

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/s ...

github логотип

GHSA-3gpq-xx45-4rr9

github
больше 3 лет назад

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

oracle-oval логотип

ELSA-2013-1090

oracle-oval
около 12 лет назад

ELSA-2013-1090: ruby security update (MODERATE)

EPSS

Процентиль: 85%
0.02723
Низкий

6.8 Medium

CVSS2