Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for trunk by ruby-lang

    CVE-2015-1855 (GCVE-0-2015-1855)

    Vulnerability from nvd – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Ruby Affected: before 2.0.0 patchlevel 645
    Affected: 2.1.x before 2.1.6
    Affected: and 2.2.x before 2.2.2
    Create a notification for this product.
    Date Public
    2015-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3247"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3246"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.ruby-lang.org/issues/9644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ruby",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 2.0.0 patchlevel 645"
                },
                {
                  "status": "affected",
                  "version": "2.1.x before 2.1.6"
                },
                {
                  "status": "affected",
                  "version": "and 2.2.x before 2.2.2"
                }
              ]
            }
          ],
          "datePublic": "2015-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T20:46:48.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3247"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3246"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.ruby-lang.org/issues/9644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-1855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ruby",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 2.0.0 patchlevel 645"
                              },
                              {
                                "version_value": "2.1.x before 2.1.6"
                              },
                              {
                                "version_value": "and 2.2.x before 2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3247",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3247"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3245",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3245"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3246",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3246"
                },
                {
                  "name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
                },
                {
                  "name": "https://puppetlabs.com/security/cve/cve-2015-1855",
                  "refsource": "MISC",
                  "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
                },
                {
                  "name": "https://bugs.ruby-lang.org/issues/9644",
                  "refsource": "MISC",
                  "url": "https://bugs.ruby-lang.org/issues/9644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1855",
        "datePublished": "2019-11-29T20:46:48.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1855 (GCVE-0-2015-1855)

    Vulnerability from cvelistv5 – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
    VLAI
    Summary
    verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Vendor Product Version
    Ruby Ruby Affected: before 2.0.0 patchlevel 645
    Affected: 2.1.x before 2.1.6
    Affected: and 2.2.x before 2.2.2
    Create a notification for this product.
    Date Public
    2015-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:54:16.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3247"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3246"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.ruby-lang.org/issues/9644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ruby",
              "vendor": "Ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 2.0.0 patchlevel 645"
                },
                {
                  "status": "affected",
                  "version": "2.1.x before 2.1.6"
                },
                {
                  "status": "affected",
                  "version": "and 2.2.x before 2.2.2"
                }
              ]
            }
          ],
          "datePublic": "2015-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-29T20:46:48.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3247"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3246"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.ruby-lang.org/issues/9644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-1855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ruby",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 2.0.0 patchlevel 645"
                              },
                              {
                                "version_value": "2.1.x before 2.1.6"
                              },
                              {
                                "version_value": "and 2.2.x before 2.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ruby"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.debian.org/security/2015/dsa-3247",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3247"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3245",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3245"
                },
                {
                  "name": "http://www.debian.org/security/2015/dsa-3246",
                  "refsource": "MISC",
                  "url": "http://www.debian.org/security/2015/dsa-3246"
                },
                {
                  "name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
                },
                {
                  "name": "https://puppetlabs.com/security/cve/cve-2015-1855",
                  "refsource": "MISC",
                  "url": "https://puppetlabs.com/security/cve/cve-2015-1855"
                },
                {
                  "name": "https://bugs.ruby-lang.org/issues/9644",
                  "refsource": "MISC",
                  "url": "https://bugs.ruby-lang.org/issues/9644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1855",
        "datePublished": "2019-11-29T20:46:48.000Z",
        "dateReserved": "2015-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:54:16.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }