CVE

CVE-2007-5770

Date: (C)2007-11-13   (M)2023-12-22


The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. This issue affects different components than CVE-2007-5162.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018938
BID-26421
SECUNIA-26985
SECUNIA-27576
SECUNIA-27673
SECUNIA-27756
SECUNIA-27764
SECUNIA-27769
SECUNIA-27818
SECUNIA-28136
SECUNIA-28645
SECUNIA-29556
ADV-2007-4238
APPLE-SA-2007-12-17
DSA-1410
DSA-1411
DSA-1412
MDVSA-2008:029
RHSA-2007:0961
RHSA-2007:0965
SUSE-SR:2007:024
TA07-352A
USN-596-1
http://docs.info.apple.com/article.html?artnum=307179
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
https://bugzilla.redhat.com/show_bug.cgi?id=362081
oval:org.mitre.oval:def:11025

CWE:
CWE-287

OVAL:
oval:org.secpod.oval:def:301337

© SecPod Technologies