CVE-2013-4073
ruby: hostname check bypassing vulnerability in SSL client
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
La función OpenSSL::SSL.verify_certificate_identity en lib/openssl/ssl.rb en Ruby v1.8 anterior a v1.8.7-p374, v1.9 anterior a v1.9.3-p448, y v2.0 anterior a v2.0.0-p247 no manejar adecuadamente un carácter “\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408.
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion attack. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. The updated packages have been patched to correct these issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-09 CVE Reserved
- 2013-06-28 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 | X_refsource_confirm | |
| http://support.apple.com/kb/HT6150 | X_refsource_confirm |
|
| https://puppet.com/security/cve/cve-2013-4073 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6-26 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6-26" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p160 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p17 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p173 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p174 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p22 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p248 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p249 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p299 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p301 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p302 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p330 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p334 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p352 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p357 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p358 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p370 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p371 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p373 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p71 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p72 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview4 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p0 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p125 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p194 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p286 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p383 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p385 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p392 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p426 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | p429 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p0 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p195 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | rc1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | rc2 |
Affected
| ||||||