English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61731
Category:Fedora Local Security Checks
Title:Fedora Core 9 FEDORA-2008-8738 (ruby)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to ruby
announced via advisory FEDORA-2008-8738.

Update Information:

Update to new upstream release fixing multiple security issues detailed in the
upstream advisories.

ChangeLog:

* Wed Oct 8 2008 Akira TAGOH - 1.8.6.287-2
- CVE-2008-3790: DoS vulnerability in the REXML module.
* Sat Aug 23 2008 Akira TAGOH - 1.8.6.287-1
- New upstream release.
- Security fixes.
- CVE-2008-3655: Ruby does not properly restrict access to critical
variables and methods at various safe levels.
- CVE-2008-3656: DoS vulnerability in WEBrick.
- CVE-2008-3657: Lack of taintness check in dl.
- CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
- CVE-2008-3443: Memory allocation failure in Ruby regex engine.
- Remove the unnecessary backported patches.

References:

[ 1 ] Bug #458948 - CVE-2008-3655 ruby: multiple insufficient safe mode restrictions
https://bugzilla.redhat.com/show_bug.cgi?id=458948
[ 2 ] Bug #458966 - CVE-2008-3657 ruby: missing taintness checks in dl module
https://bugzilla.redhat.com/show_bug.cgi?id=458966
[ 3 ] Bug #459266 - CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
https://bugzilla.redhat.com/show_bug.cgi?id=459266
[ 4 ] Bug #458953 - CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)
https://bugzilla.redhat.com/show_bug.cgi?id=458953
[ 5 ] Bug #449345 - CVE-2008-1447 implement source UDP port randomization (CERT VU#800113)
https://bugzilla.redhat.com/show_bug.cgi?id=449345
[ 6 ] Bug #460134 - CVE-2008-3790 ruby: DoS vulnerability in the REXML module
https://bugzilla.redhat.com/show_bug.cgi?id=460134

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update ruby' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-8738

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3655
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 30644
http://www.securityfocus.com/bid/30644
Bugtraq: 20080831 rPSA-2008-0264-1 ruby (Google Search)
http://www.securityfocus.com/archive/1/495884/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1651 (Google Search)
http://www.debian.org/security/2008/dsa-1651
Debian Security Information: DSA-1652 (Google Search)
http://www.debian.org/security/2008/dsa-1652
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
http://security.gentoo.org/glsa/glsa-200812-17.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602
http://www.redhat.com/support/errata/RHSA-2008-0895.html
http://www.redhat.com/support/errata/RHSA-2008-0897.html
http://www.securitytracker.com/id?1020656
http://secunia.com/advisories/31430
http://secunia.com/advisories/31697
http://secunia.com/advisories/32165
http://secunia.com/advisories/32219
http://secunia.com/advisories/32255
http://secunia.com/advisories/32256
http://secunia.com/advisories/32371
http://secunia.com/advisories/32372
http://secunia.com/advisories/33178
http://secunia.com/advisories/35074
https://usn.ubuntu.com/651-1/
http://www.vupen.com/english/advisories/2008/2334
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: ruby-safelevel-security-bypass(44369)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44369
Common Vulnerability Exposure (CVE) ID: CVE-2008-3656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682
http://www.securitytracker.com/id?1020654
XForce ISS Database: ruby-webrick-dos(44371)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44371
Common Vulnerability Exposure (CVE) ID: CVE-2008-3657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793
http://www.securitytracker.com/id?1020652
XForce ISS Database: ruby-dl-security-bypass(44372)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44372
Common Vulnerability Exposure (CVE) ID: CVE-2008-3905
BugTraq ID: 31699
http://www.securityfocus.com/bid/31699
http://www.openwall.com/lists/oss-security/2008/09/03/3
http://www.openwall.com/lists/oss-security/2008/09/04/9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034
http://secunia.com/advisories/32948
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754
XForce ISS Database: ruby-resolv-dns-spoofing(45935)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
Common Vulnerability Exposure (CVE) ID: CVE-2008-3790
BugTraq ID: 30802
http://www.securityfocus.com/bid/30802
http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca
http://www.openwall.com/lists/oss-security/2008/08/25/4
http://www.openwall.com/lists/oss-security/2008/08/26/1
http://www.openwall.com/lists/oss-security/2008/08/26/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393
http://www.securitytracker.com/id?1020735
http://secunia.com/advisories/31602
http://secunia.com/advisories/33185
https://usn.ubuntu.com/691-1/
http://www.vupen.com/english/advisories/2008/2428
http://www.vupen.com/english/advisories/2008/2483
XForce ISS Database: ruby-rexml-dos(44628)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44628
Common Vulnerability Exposure (CVE) ID: CVE-2008-3443
BugTraq ID: 30682
http://www.securityfocus.com/bid/30682
Debian Security Information: DSA-1695 (Google Search)
http://www.debian.org/security/2009/dsa-1695
https://www.exploit-db.com/exploits/6239
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
http://www.securitytracker.com/id?1021075
http://secunia.com/advisories/33398
http://securityreason.com/securityalert/4158
XForce ISS Database: ruby-regex-dos(44688)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44688
Common Vulnerability Exposure (CVE) ID: CVE-2008-1447
AIX APAR: IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
AIX APAR: IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
AIX APAR: IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
AIX APAR: IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
AIX APAR: IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
AIX APAR: IZ26672
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
BugTraq ID: 30131
http://www.securityfocus.com/bid/30131
Bugtraq: 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495289/100/0/threaded
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search)
http://www.securityfocus.com/archive/1/495869/100/0/threaded
Cert/CC Advisory: TA08-190A
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Cert/CC Advisory: TA08-190B
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
CERT/CC vulnerability note: VU#800113
http://www.kb.cert.org/vuls/id/800113
Cisco Security Advisory: 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
Debian Security Information: DSA-1603 (Google Search)
http://www.debian.org/security/2008/dsa-1603
Debian Security Information: DSA-1604 (Google Search)
http://www.debian.org/security/2008/dsa-1604
Debian Security Information: DSA-1605 (Google Search)
http://www.debian.org/security/2008/dsa-1605
Debian Security Information: DSA-1619 (Google Search)
http://www.debian.org/security/2008/dsa-1619
Debian Security Information: DSA-1623 (Google Search)
http://www.debian.org/security/2008/dsa-1623
https://www.exploit-db.com/exploits/6122
https://www.exploit-db.com/exploits/6123
https://www.exploit-db.com/exploits/6130
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
FreeBSD Security Advisory: FreeBSD-SA-08:06
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://security.gentoo.org/glsa/glsa-200807-08.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
HPdes Security Advisory: HPSBMP02404
http://marc.info/?l=bugtraq&m=123324863916385&w=2
HPdes Security Advisory: HPSBNS02405
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
HPdes Security Advisory: HPSBOV02357
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
HPdes Security Advisory: HPSBOV03226
http://marc.info/?l=bugtraq&m=141879471518471&w=2
HPdes Security Advisory: HPSBTU02358
http://marc.info/?l=bugtraq&m=121866517322103&w=2
HPdes Security Advisory: HPSBUX02351
http://marc.info/?l=bugtraq&m=121630706004256&w=2
HPdes Security Advisory: SSRT071449
HPdes Security Advisory: SSRT080058
HPdes Security Advisory: SSRT090014
HPdes Security Advisory: SSRT101004
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.doxpara.com/?p=1176
http://www.doxpara.com/DMK_BO2K8.ppt
http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
Microsoft Security Bulletin: MS08-037
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
NETBSD Security Advisory: NetBSD-SA2008-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
OpenBSD Security Advisory: [4.2] 013: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata42.html#013_bind
OpenBSD Security Advisory: [4.3] 004: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata43.html#004_bind
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627
RedHat Security Advisories: RHSA-2008:0533
http://rhn.redhat.com/errata/RHSA-2008-0533.html
http://www.redhat.com/support/errata/RHSA-2008-0789.html
http://www.securitytracker.com/id?1020437
http://www.securitytracker.com/id?1020438
http://www.securitytracker.com/id?1020440
http://www.securitytracker.com/id?1020448
http://www.securitytracker.com/id?1020449
http://www.securitytracker.com/id?1020548
http://www.securitytracker.com/id?1020558
http://www.securitytracker.com/id?1020560
http://www.securitytracker.com/id?1020561
http://www.securitytracker.com/id?1020575
http://www.securitytracker.com/id?1020576
http://www.securitytracker.com/id?1020577
http://www.securitytracker.com/id?1020578
http://www.securitytracker.com/id?1020579
http://www.securitytracker.com/id?1020651
http://www.securitytracker.com/id?1020653
http://www.securitytracker.com/id?1020702
http://www.securitytracker.com/id?1020802
http://www.securitytracker.com/id?1020804
http://secunia.com/advisories/30925
http://secunia.com/advisories/30973
http://secunia.com/advisories/30977
http://secunia.com/advisories/30979
http://secunia.com/advisories/30980
http://secunia.com/advisories/30988
http://secunia.com/advisories/30989
http://secunia.com/advisories/30998
http://secunia.com/advisories/31011
http://secunia.com/advisories/31012
http://secunia.com/advisories/31014
http://secunia.com/advisories/31019
http://secunia.com/advisories/31022
http://secunia.com/advisories/31030
http://secunia.com/advisories/31031
http://secunia.com/advisories/31033
http://secunia.com/advisories/31052
http://secunia.com/advisories/31065
http://secunia.com/advisories/31072
http://secunia.com/advisories/31093
http://secunia.com/advisories/31094
http://secunia.com/advisories/31137
http://secunia.com/advisories/31143
http://secunia.com/advisories/31151
http://secunia.com/advisories/31152
http://secunia.com/advisories/31153
http://secunia.com/advisories/31169
http://secunia.com/advisories/31197
http://secunia.com/advisories/31199
http://secunia.com/advisories/31204
http://secunia.com/advisories/31207
http://secunia.com/advisories/31209
http://secunia.com/advisories/31212
http://secunia.com/advisories/31213
http://secunia.com/advisories/31221
http://secunia.com/advisories/31236
http://secunia.com/advisories/31237
http://secunia.com/advisories/31254
http://secunia.com/advisories/31326
http://secunia.com/advisories/31354
http://secunia.com/advisories/31422
http://secunia.com/advisories/31451
http://secunia.com/advisories/31482
http://secunia.com/advisories/31495
http://secunia.com/advisories/31588
http://secunia.com/advisories/31687
http://secunia.com/advisories/31823
http://secunia.com/advisories/31882
http://secunia.com/advisories/31900
http://secunia.com/advisories/33714
http://secunia.com/advisories/33786
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
SuSE Security Announcement: SUSE-SA:2008:033 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-622-1
http://www.ubuntu.com/usn/usn-627-1
http://www.vupen.com/english/advisories/2008/2019/references
http://www.vupen.com/english/advisories/2008/2023/references
http://www.vupen.com/english/advisories/2008/2025/references
http://www.vupen.com/english/advisories/2008/2029/references
http://www.vupen.com/english/advisories/2008/2030/references
http://www.vupen.com/english/advisories/2008/2050/references
http://www.vupen.com/english/advisories/2008/2051/references
http://www.vupen.com/english/advisories/2008/2052/references
http://www.vupen.com/english/advisories/2008/2055/references
http://www.vupen.com/english/advisories/2008/2092/references
http://www.vupen.com/english/advisories/2008/2113/references
http://www.vupen.com/english/advisories/2008/2114/references
http://www.vupen.com/english/advisories/2008/2123/references
http://www.vupen.com/english/advisories/2008/2139/references
http://www.vupen.com/english/advisories/2008/2166/references
http://www.vupen.com/english/advisories/2008/2195/references
http://www.vupen.com/english/advisories/2008/2196/references
http://www.vupen.com/english/advisories/2008/2197/references
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2291
http://www.vupen.com/english/advisories/2008/2342
http://www.vupen.com/english/advisories/2008/2377
http://www.vupen.com/english/advisories/2008/2383
http://www.vupen.com/english/advisories/2008/2384
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2467
http://www.vupen.com/english/advisories/2008/2482
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2549
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2582
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2009/0297
http://www.vupen.com/english/advisories/2009/0311
http://www.vupen.com/english/advisories/2010/0622
XForce ISS Database: cisco-multiple-dns-cache-poisoning(43637)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43637
XForce ISS Database: win-dns-client-server-spoofing(43334)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43334
Common Vulnerability Exposure (CVE) ID: CVE-2008-1891
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
http://aluigi.altervista.org/adv/webrickcgi-adv.txt
http://secunia.com/advisories/29794
http://secunia.com/advisories/30831
http://www.vupen.com/english/advisories/2008/1245/references
XForce ISS Database: ruby-webrick-cgi-info-disclosure(41824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41824
Common Vulnerability Exposure (CVE) ID: CVE-2008-2662
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
BugTraq ID: 29903
http://www.securityfocus.com/bid/29903
Bugtraq: 20080626 rPSA-2008-0206-1 ruby (Google Search)
http://www.securityfocus.com/archive/1/493688/100/0/threaded
Debian Security Information: DSA-1612 (Google Search)
http://www.debian.org/security/2008/dsa-1612
Debian Security Information: DSA-1618 (Google Search)
http://www.debian.org/security/2008/dsa-1618
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
http://www.ruby-forum.com/topic/157034
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601
http://www.redhat.com/support/errata/RHSA-2008-0561.html
http://www.securitytracker.com/id?1020347
http://secunia.com/advisories/30802
http://secunia.com/advisories/30867
http://secunia.com/advisories/30875
http://secunia.com/advisories/30894
http://secunia.com/advisories/31062
http://secunia.com/advisories/31181
http://secunia.com/advisories/31256
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
http://www.ubuntu.com/usn/usn-621-1
http://www.vupen.com/english/advisories/2008/1907/references
http://www.vupen.com/english/advisories/2008/1981/references
XForce ISS Database: ruby-rbstrbufappend-code-execution(43345)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43345
Common Vulnerability Exposure (CVE) ID: CVE-2008-2663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524
http://secunia.com/advisories/31090
XForce ISS Database: ruby-rbarystore-code-execution(43346)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43346
Common Vulnerability Exposure (CVE) ID: CVE-2008-2664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646
XForce ISS Database: ruby-rbstrformat-code-execution(43348)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43348
Common Vulnerability Exposure (CVE) ID: CVE-2008-2725
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606
XForce ISS Database: ruby-rbarysplice-code-execution(43350)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43350
Common Vulnerability Exposure (CVE) ID: CVE-2008-2726
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
XForce ISS Database: ruby-rbarysplice-begrlen-code-execution(43351)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
Common Vulnerability Exposure (CVE) ID: CVE-2007-5162
BugTraq ID: 25847
http://www.securityfocus.com/bid/25847
Bugtraq: 20070927 Ruby Net::HTTPS library does not validate server certificate CN (Google Search)
http://www.securityfocus.com/archive/1/480987/100/0/threaded
Bugtraq: 20071112 FLEA-2007-0068-1 ruby (Google Search)
http://www.securityfocus.com/archive/1/483577/100/0/threaded
Debian Security Information: DSA-1410 (Google Search)
http://www.debian.org/security/2007/dsa-1410
Debian Security Information: DSA-1411 (Google Search)
http://www.debian.org/security/2007/dsa-1411
Debian Security Information: DSA-1412 (Google Search)
http://www.debian.org/security/2007/dsa-1412
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:029
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt
https://bugzilla.redhat.com/show_bug.cgi?id=313791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738
http://www.redhat.com/support/errata/RHSA-2007-0961.html
http://www.redhat.com/support/errata/RHSA-2007-0965.html
http://secunia.com/advisories/26985
http://secunia.com/advisories/27044
http://secunia.com/advisories/27432
http://secunia.com/advisories/27576
http://secunia.com/advisories/27673
http://secunia.com/advisories/27756
http://secunia.com/advisories/27764
http://secunia.com/advisories/27769
http://secunia.com/advisories/27818
http://secunia.com/advisories/28645
http://secunia.com/advisories/29556
http://securityreason.com/securityalert/3180
SuSE Security Announcement: SUSE-SR:2007:024 (Google Search)
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.ubuntu.com/usn/usn-596-1
http://www.vupen.com/english/advisories/2007/3340
XForce ISS Database: ruby-nethttps-mitm(36861)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36861
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.