Sha256: 07d1e4332685f05c6bd57aec274ec5413503dac11e9c7eeb972144f2060bbf39

Contents?: true

Size: 669 Bytes

Versions: 6

Compression:

Stored size: 669 Bytes

Contents

---
engine: ruby
cve: 2007-5770
url: http://www.cvedetails.com/cve/CVE-2007-5770/
title: Ruby Net::HTTPS library does not validate server certificate CN
date: 2007-10-08
description: |
  The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5)
  Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the
  commonName (CN) field in a server certificate matches the domain name in a
  request sent over SSL, which makes it easier for remote attackers to
  intercept SSL transmissions via a man-in-the-middle attack or spoofed web
  site, different components than CVE-2007-5162.
cvss_v2: 4.3
patched_versions:
  - ~> 1.8.6.230
  - ">= 1.8.7"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/CVE-2007-5770.yml