What is the severity of REDHAT-BUG-313691?

The severity of REDHAT-BUG-313691 is considered critical due to the potential for man-in-the-middle attacks.

How do I fix REDHAT-BUG-313691?

To fix REDHAT-BUG-313691, it is recommended to upgrade to Ruby version 1.8.7 or later.

Which versions of Ruby are affected by REDHAT-BUG-313691?

Ruby versions 1.8.5 and 1.8.6 are affected by REDHAT-BUG-313691.

What is the nature of the vulnerability in REDHAT-BUG-313691?

The vulnerability in REDHAT-BUG-313691 exists due to the connect method not verifying the SSL certificates properly.

Is there a workaround for REDHAT-BUG-313691 if I cannot upgrade?

While upgrading is the best solution, a temporary workaround involves manually verifying SSL certificates during the connection process.

Vulnerability/
REDHAT-BUG-313691

medium

1/10/2007

29/9/2019

REDHAT-BUG-313691

First published: Mon Oct 01 2007(Updated: )

Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2007-5162">CVE-2007-5162</a> to the following vulnerability: The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. References: <a href="http://www.isecpartners.com/advisories/2007-006-rubyssl.txt">http://www.isecpartners.com/advisories/2007-006-rubyssl.txt</a> <a href="http://www.securityfocus.com/bid/25847">http://www.securityfocus.com/bid/25847</a> <a href="http://www.securityfocus.com/archive/1/480987">http://www.securityfocus.com/archive/1/480987</a> Patch applied to trunk: <a href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499</a> (original advisory links to other commits in other svn branches)

Affected Software	Affected Version	How to fix
Ruby	>=1.8.5<=1.8.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-313691?
The severity of REDHAT-BUG-313691 is considered critical due to the potential for man-in-the-middle attacks.
How do I fix REDHAT-BUG-313691?
To fix REDHAT-BUG-313691, it is recommended to upgrade to Ruby version 1.8.7 or later.
Which versions of Ruby are affected by REDHAT-BUG-313691?
Ruby versions 1.8.5 and 1.8.6 are affected by REDHAT-BUG-313691.
What is the nature of the vulnerability in REDHAT-BUG-313691?
The vulnerability in REDHAT-BUG-313691 exists due to the connect method not verifying the SSL certificates properly.
Is there a workaround for REDHAT-BUG-313691 if I cannot upgrade?
While upgrading is the best solution, a temporary workaround involves manually verifying SSL certificates during the connection process.

agent/type
agent/last-modified-date
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2007-5162
agent/references
agent/severity
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/ruby
canonical/ruby

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.