What is the severity of CVE-2009-4123?

CVE-2009-4123 is classified as a high-severity vulnerability due to the potential for attackers to impersonate legitimate SSL servers.

How do I fix CVE-2009-4123?

To fix CVE-2009-4123, upgrade the jruby-openssl library to version 0.6 or later.

What applications are affected by CVE-2009-4123?

CVE-2009-4123 affects applications utilizing the jruby-openssl library version 0.6 and below.

What could happen if CVE-2009-4123 is exploited?

If exploited, CVE-2009-4123 allows attackers to successfully perform man-in-the-middle attacks by hijacking SSL connections.

Is CVE-2009-4123 still a risk today?

Yes, CVE-2009-4123 remains a risk if vulnerable versions of jruby-openssl are still in use in applications.

Vulnerability/
CVE-2009-4123

high

7.5

CWE

295

19/1/2023

12/12/2023

7/8/2024

CVE-2009-4123

First published: Thu Jan 19 2023(Updated: )

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
rubygems/jruby-openssl	<0.6	0.6
JRuby	<0.6
OpenSSL	<0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4123?
CVE-2009-4123 is classified as a high-severity vulnerability due to the potential for attackers to impersonate legitimate SSL servers.
How do I fix CVE-2009-4123?
To fix CVE-2009-4123, upgrade the jruby-openssl library to version 0.6 or later.
What applications are affected by CVE-2009-4123?
CVE-2009-4123 affects applications utilizing the jruby-openssl library version 0.6 and below.
What could happen if CVE-2009-4123 is exploited?
If exploited, CVE-2009-4123 allows attackers to successfully perform man-in-the-middle attacks by hijacking SSL connections.
Is CVE-2009-4123 still a risk today?
Yes, CVE-2009-4123 remains a risk if vulnerable versions of jruby-openssl are still in use in applications.

collector/github-advisory-latest
alias/GHSA-xgv7-pqqh-h2w9
alias/CVE-2009-4123
agent/type
agent/first-publish-date
collector/github-advisory
source/GitHub
agent/software-canonical-lookup
agent/weakness
agent/references
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/trending
agent/source
agent/author
collector/nvd-api
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
package-manager/rubygems
vendor/jruby
canonical/jruby
canonical/openssl

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.