CVE-2007-5162

Priority
Low
Description
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2)
Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the
commonName (CN) field in a server certificate matches the domain name in an
HTTPS request, which makes it easier for remote attackers to intercept SSL
transmissions via a man-in-the-middle attack or spoofed web site.
References
Bugs
Notes
 jdstrand> LP bug has debdiffs
Assigned-to
kees
Package
Upstream:released (1.8.6.111)
Patches:
Debdiff:https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/149616
Package
Upstream:released (0.1.4a-1sarge1)
More Information


Updated: 2015-07-29 20:30:41 UTC (commit 9756)