Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2007-5162
Description:The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-5162
BugTraq ID: 25847
Bugtraq: 20070927 Ruby Net::HTTPS library does not validate server certificate CN (Google Search)
Bugtraq: 20071112 FLEA-2007-0068-1 ruby (Google Search)
Debian Security Information: DSA-1410 (Google Search)
Debian Security Information: DSA-1411 (Google Search)
Debian Security Information: DSA-1412 (Google Search)
RedHat Security Advisories: RHSA-2007:0961
RedHat Security Advisories: RHSA-2007:0965
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
XForce ISS Database: ruby-nethttps-mitm(36861)

© 1998-2021 E-Soft Inc. All rights reserved.