---
gem: rbovirt
cve: 2014-0036
osvdb: 104080
url: https://nvd.nist.gov/vuln/detail/CVE-2014-0036
title: rbovirt Gem for Ruby contains a flaw
date: 2014-03-05

description: |
  rbovirt Gem for Ruby contains a flaw related to certificate validation.
  The issue is due to the program failing to validate SSL certificates. This may
  allow an attacker with access to network traffic (e.g. MiTM, DNS cache
  poisoning) to spoof the SSL server via an arbitrary certificate that appears
  valid. Such an attack would allow for the interception of sensitive traffic,
  and potentially allow for the injection of content into the SSL stream.

cvss_v2: 6.8

patched_versions:
  - '>= 0.0.24'