CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5770 – net:: * modules
https://notcve.org/view.php?id=CVE-2007-5770
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. Las librerias (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, y (5) Net::smtp en Ruby 1.8.5 y 1.8.6 no verifica el campo commonName (CN) en un servidor que valida certificados el nombre de dominio en una respuesta enviada sobre SSL, lo cual hace más facil a los atacantes remotos interceptar transmisiones SSL a través de un ataque de hombre en el medio o suplantando el sitio web, un componente diferente que el CVE-2007-5162. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26985 http://secunia.com/advisories/27576 http://secunia.com/advisories/27673 http://secunia.com/advisories/27756 http://secunia.com/advisories/27764 http://secunia.com/advisories/27769 http://secunia.com/advisories/27818 http://secunia.com/advisories/28136 http://secunia.com/advisories/28645 http://secunia.com/advisories&#x • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 0CVE-2007-5162 – Net: HTTP insufficient verification of SSL certificate
https://notcve.org/view.php?id=CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. El método connect en lib/net/http.rb en las bibliotecas (1) Net::HTTP y (2) Net::HTTPS de Ruby 1.8.5 y 1.8.6 no verifica que el campo commonName (CN) en un certificado de servidor concuerde con el nombre de dominio de una petición HTTPS, lo cual facilita a atacantes remotos interceptar transmisiones SSL mediante un ataque de "hombre en medio" (man-in-the-middle) o sitio web falsificado. • http://secunia.com/advisories/26985 http://secunia.com/advisories/27044 http://secunia.com/advisories/27432 http://secunia.com/advisories/27576 http://secunia.com/advisories/27673 http://secunia.com/advisories/27756 http://secunia.com/advisories/27764 http://secunia.com/advisories/27769 http://secunia.com/advisories/27818 http://secunia.com/advisories/28645 http://secunia.com/advisories/29556 http://securityreason.com/securityalert/3180 http://svn.ruby-lang.org/cgi-bin/vi • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 6%CPEs: 8EXPL: 0CVE-2006-6303 – ruby's cgi.rb vulnerable infinite loop DoS
https://notcve.org/view.php?id=CVE-2006-6303
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. La función read_multipart en cgi.rb de Ruby anterior a 1.8.5-p2 no detecta adecuadamente los límites en contenido MIME multipart, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante una petición HTTP artesanal, un asunto diferente que CVE-2006-5467. • http://bugs.gentoo.org/show_bug.cgi?id=157048 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 http://docs.info.apple.com/article.html?artnum=305530 http://jvn.jp/jp/JVN%2384798830/index.html http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/23165 http://secunia.com/advisories/23268 http://secunia.com/advisories/23454 http://secunia.com/advisories/25402 http://secunia.com/advisories/27576 http://secunia.co • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •