Lucene search
RubySecRUBY:RUBY-2009-0642HistoryJan 28, 2009 - 9:00 p.m.
Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
2009-01-2821:00:00
RubySec
rubysec.com
6
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the
return value from the OCSP_basic_verify function, which might allow remote
attackers to successfully present an invalid X.509 certificate, possibly
involving a revoked certificate.
Affected configurations
Node
rubyrubyRange1.8.6.368–1.8.7.0
ORrubyrubyRange1.8.7.172–1.8.8.0
ORrubyrubyRange1.9.1.128–1.9.2.0
ORrubyrubyRange<1.9.2.1
Related
nessus
nessus
Mandriva Linux Security Advisory : ruby (MDVSA-2009:193)
2009-08-06 00:00:00
Debian DSA-1860-1 : ruby1.8, ruby1.9 - several vulnerabilities
2010-02-24 00:00:00
Mandriva Linux Security Advisory : ruby (MDVSA-2009:325)
2009-12-08 00:00:00
cvelist
cvelist
CVE-2009-0642
2009-02-18 17:00:00
prion
prion
Design/Logic Flaw
2009-02-20 06:47:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:193 (ruby)
2009-08-17 00:00:00
Mandrake Security Advisory MDVSA-2009:193 (ruby)
2009-08-17 00:00:00
Mandriva Security Advisory MDVSA-2009:325 (ruby)
2009-12-10 00:00:00
nvd
nvd
CVE-2009-0642
2009-02-20 06:47:48
ubuntucve
ubuntucve
CVE-2009-0642
2009-02-20 00:00:00
cve
cve
CVE-2009-0642
2009-02-20 06:47:48
ubuntu
ubuntu
Ruby vulnerabilities
2009-07-20 00:00:00
debian
debian
[SECURITY] [DSA 1860-1] New Ruby packages fix several issues
2009-08-12 19:49:54
osv
osv
ruby1.8 ruby1.9 - several issues
2009-08-12 00:00:00
centos
centos
ruby security update
2009-07-02 23:49:01
redhat
redhat
(RHSA-2009:1140) Moderate: ruby security update
2009-07-02 00:00:00
oraclelinux
oraclelinux
ruby security update
2009-07-02 00:00:00
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for RUBY:RUBY-2009-0642