Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0965

The remote host is missing updates announced in
advisory RHSA-2007:0965.

Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5162
BugTraq ID: 25847
Bugtraq: 20070927 Ruby Net::HTTPS library does not validate server certificate CN (Google Search)
Bugtraq: 20071112 FLEA-2007-0068-1 ruby (Google Search)
Debian Security Information: DSA-1410 (Google Search)
Debian Security Information: DSA-1411 (Google Search)
Debian Security Information: DSA-1412 (Google Search)
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
XForce ISS Database: ruby-nethttps-mitm(36861)
Common Vulnerability Exposure (CVE) ID: CVE-2007-5770
BugTraq ID: 26421
Cert/CC Advisory: TA07-352A
CopyrightCopyright (c) 2007 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.