ruby
Page content
- Author: voroskoi
- Vulnerable: 1.8.5-4terminus1
- Unaffected: 1.8.5-4terminus2
Chris Clark has reported a security issue in Ruby, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the “Net::HTTPS” library not properly checking if the Common Name field provided inside SSL server certificates matches the requested hostname of a server. This can be exploited to conduct spoofing attacks. Successful exploitation requires a MitM (Man-in-the-Middle) attack and possession of a valid certificate, which is signed by the CA specified in the client.
- Bug Tracker URL: http://bugs.frugalware.org/task/2459