CVE-2007-5162

Priority
Low
Description
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2)
Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the
commonName (CN) field in a server certificate matches the domain name in an
HTTPS request, which makes it easier for remote attackers to intercept SSL
transmissions via a man-in-the-middle attack or spoofed web site.
References
Bugs
Notes
jdstrand> LP bug has debdiffs
Assigned-to
kees
Package
Upstream: released (1.8.6.111)
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/149616
Package
Upstream: released (0.1.4a-1sarge1)
Ubuntu 8.04 LTS (Hardy Heron): not-affected (fixed in ruby1.8)

Updated: 2012-06-01 15:18:14 UTC (commit 5347)