CVE-2007-5162

Priority
Description
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2)
Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the
commonName (CN) field in a server certificate matches the domain name in an
HTTPS request, which makes it easier for remote attackers to intercept SSL
transmissions via a man-in-the-middle attack or spoofed web site.
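The missing check described above, as an added Ruby example that is not part of this tracker entry or of the upstream patch: a certificate whose signature verifies must still be rejected unless the name it carries matches the host that was requested. The certificates, host names and helper names are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample data: a throwaway self-signed certificate for `cn`.
# Returns [certificate, key]; the helper name is hypothetical.
def sample_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Signature check alone: says nothing about which host the certificate names.
def signature_ok?(cert, issuer_key)
  cert.verify(issuer_key)
end

# Identity check: compares the certificate's names (subjectAltName if
# present, otherwise the CN) with the host the client asked for.
def names_host?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# A client should proceed only when both checks pass.
def accept?(cert, issuer_key, host)
  signature_ok?(cert, issuer_key) && names_host?(cert, host)
end

if __FILE__ == $PROGRAM_NAME
  cert, key = sample_cert('other.example')
  puts "signature valid:           #{signature_ok?(cert, key)}"
  puts "accepted for www.example.com: #{accept?(cert, key, 'www.example.com')}"
  puts "accepted for other.example:   #{accept?(cert, key, 'other.example')}"
end
```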
Assigned-to
kees
Notes
jdstrand> LP bug has debdiffs
Package
Upstream: released (0.1.4a-1sarge1)
Package
Upstream: released (1.8.6.111)
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/149616

Updated: 2020-09-10 00:13:18 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)