CVSS: 9.1EPSS: 10%CPEs: 2EXPL: 0CVE-2007-5770 – net:: * modules
https://notcve.org/view.php?id=CVE-2007-5770
14 Nov 2007 — The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. Las librerias (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, y (5) Net::smtp en Ruby 1.... • http://docs.info.apple.com/article.html?artnum=307179 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5162 – Net: HTTP insufficient verification of SSL certificate
https://notcve.org/view.php?id=CVE-2007-5162
01 Oct 2007 — The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. El método connect en lib/net/http.rb en las bibliotecas (1) Net::HTTP y (2) Net::HTTPS de Ruby 1.8.5 y 1.8.6 no verifica que el campo commonName (CN) en un ce... • http://secunia.com/advisories/26985 • CWE-287: Improper Authentication •