CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
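The missing check described above, as an added example (not code from Ruby's lib/net/http.rb or from this advisory): it separates trust-chain validation from the hostname match, using Ruby's OpenSSL::SSL.verify_certificate_identity, to show that a certificate can pass the first and fail the second. The certificates, hostnames and the helper names sample_cert and check_peer are constructed for illustration.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed samples

# Build a self-signed sample certificate (constructed data, hypothetical helper).
def sample_cert(common_name, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if san
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Evaluate a peer certificate the way a client should before sending a request:
# 1. chain_ok:    the certificate chains to a trusted certificate
# 2. identity_ok: the certificate names the host that was actually requested
# The connection is acceptable only when both hold.
def check_peer(cert, trusted, requested_host)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  chain_ok = store.verify(cert)
  identity_ok = OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
  { chain_ok: chain_ok, identity_ok: identity_ok, accept: chain_ok && identity_ok }
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("www.example.com")
  # Same trusted certificate, two different requested hosts (constructed names).
  ["www.example.com", "login.example.net"].each do |host|
    puts "#{host}: #{check_peer(cert, [cert], host)}"
  end
end
```

A client that stops after the chain check accepts the second case; only the identity check ties the certificate to the requested domain name.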
Affected products
n/a · n/a
References
https://bugzilla.redhat.com/show_bug.cgi?id=313791
http://secunia.com/advisories/26985
http://secunia.com/advisories/27044
http://secunia.com/advisories/27432
http://secunia.com/advisories/27576
http://secunia.com/advisories/27673
http://secunia.com/advisories/27756
http://secunia.com/advisories/27764
http://secunia.com/advisories/27769
http://secunia.com/advisories/27818
http://secunia.com/advisories/28645
http://secunia.com/advisories/29556