CVE-2007-5162
PUBLISHED
CVSS 4.3 MEDIUM
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
EPSS 2.08% · 84.2th percentile
Risk Scores
- CVSS v2.0: 4.3
- EPSS Score: 2.08% (84.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ruby-lang | ruby | 1.8.5, 1.8.6 |
Timeline
- Oct 1, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499 url
- 25847 vdb
- 20071112 FLEA-2007-0068-1 ruby mailing-list
- 27576 third-party-advisory
- 26985 third-party-advisory
- ADV-2007-3340 vdb
- USN-596-1 vendor-advisory
- ruby-nethttps-mitm(36861) vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=313791 url
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500 url
- FEDORA-2007-2685 vendor-advisory
- 27044 third-party-advisory
- RHSA-2007:0961 vendor-advisory
- RHSA-2007:0965 vendor-advisory
- 27756 third-party-advisory
- DSA-1412 vendor-advisory
- http://www.isecpartners.com/advisories/2007-006-rubyssl.txt url
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502 url
- 27673 third-party-advisory
- oval:org.mitre.oval:def:10738 vdb
…and 16 more