Sha256: f886a78584097674798eaedbbfb3c396118e3f28e90b40c83ea70b0c14929a46

Contents?: true

Size: 472 Bytes

Versions: 6

Compression:

Stored size: 472 Bytes

Contents

---
gem: http
cve: 2015-1828
osvdb: 119927
url: https://groups.google.com/forum/#!topic/httprb/jkb4oxwZjkU
title: HTTPS MitM vulnerability in http.rb
date: 2015-03-24
description: |
  http.rb failed to call the OpenSSL::SSL::SSLSocket#post_connection_check method to perform hostname verification.
  Because of this, an attacker with a valid certificate but with a mismatched subject can perform a MitM attack.
cvss_v2: 5.0
patched_versions:
  - ">= 0.7.3"
  - "~> 0.6.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/http/CVE-2015-1828.yml