Red Hat Bugzilla – Bug 362081
CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules
Last modified: 2011-10-26 09:52:55 EDT
A flaw was discovered in the way various Ruby net::* modules verify the commonName
(CN) attribute of the SSL certificate provided by the server against the requested
hostname, which makes it easier for remote attackers to intercept SSL transmissions
via a man-in-the-middle attack or spoofed site.
The issue was originally reported for the net::http(s) module and was assigned CVE id
CVE-2007-5162. However, a similar issue also affects other modules: net::ftptls,
net::telnets, net::imap and CVS versions of net::pop and net::smtp.
Upstream SVN commit:
This issue was addressed in:
Red Hat Enterprise Linux:
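
The certificate-to-hostname check this report describes, as an added example (not code from the bug report or from Ruby's net::* modules). It shows that trusting the certificate chain and matching the requested hostname are separate checks that a client must both perform. The certificates and `.test` hostnames are constructed, and `make_cert` and `check_peer` are hypothetical helper names.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed test certificates

# Build a self-signed certificate with subject CN `cn` and optional DNS subjectAltNames.
def make_cert(cn, sans = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless sans.empty?
    value = sans.map { |n| "DNS:#{n}" }.join(",")
    ext = OpenSSL::X509::ExtensionFactory.new.create_extension("subjectAltName", value, false)
    cert.add_extension(ext)
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Returns [chain_trusted, hostname_matches] for a client that meant to reach `host`.
# `trusted` is the list of certificates the client accepts as trust anchors.
def check_peer(cert, trusted, host)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  [store.verify(cert), OpenSSL::SSL.verify_certificate_identity(cert, host)]
end

# Constructed scenario: a certificate the client trusts, issued for mail.example.test.
cert = make_cert("mail.example.test")
%w[mail.example.test imap.other.test].each do |host|
  chain_ok, host_ok = check_peer(cert, [cert], host)
  # A client that stops at chain_ok accepts this certificate for any hostname.
  puts "#{host}: chain trusted=#{chain_ok}, hostname matches=#{host_ok}"
end
```

On a live connection the same comparison is made by `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)`, which raises `OpenSSL::SSL::SSLError` on a mismatch.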