CVE-2015-1828

Опубликовано: 06 окт. 2017

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 5.9

Описание

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	1.0.2-2ubuntu2
cosmic	not-affected	1.0.2-2ubuntu2
devel	not-affected	1.0.2-2ubuntu2
esm-apps/bionic	not-affected	1.0.2-2ubuntu2
esm-apps/xenial	not-affected	1.0.2-2ubuntu2
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2015-1828

CVSS3: 5.9

nvd

больше 8 лет назад

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

CVE-2015-1828

CVSS3: 5.9

debian

больше 8 лет назад

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connec ...

GHSA-6wpv-cj6x-v3jw

CVSS3: 5.9

github

почти 8 лет назад

http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2015-1828

Описание

Пакет ruby-http

Ссылки на источники

Связанные уязвимости