The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

OSVersionArchitecturePackageVersionFilename
Debian11allpuppet< 5.5.22-2puppet_5.5.22-2_all.deb
Debian10allpuppet< 5.5.10-4puppet_5.5.10-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	puppet	< 5.5.22-2	puppet_5.5.22-2_all.deb
Debian	10	all	puppet	< 5.5.10-4	puppet_5.5.10-4_all.deb

f5 6

prion 23

cve 18

ubuntucve 12

rubygems 1

nessus 54

openvas 45

mozilla 1

exploitdb 1

securityvulns 8

threatpost 2

seebug 2

veracode 2

fedora 1

redhat 3

mageia 1

debiancve 8

freebsd 1

centos 1

oraclelinux 1

slackware 1

ubuntu 1

debian 3

talos 1

amazon 1

aix 1

SOL15683 - Ruby vulnerability CVE-2013-4073

2014-10-09 00:00:00

K15683 : Ruby vulnerability CVE-2013-4073

2014-10-09 00:00:00

SOL15638 - Python vulnerability CVE-2013-4238

2014-09-29 00:00:00

prion

Design/Logic Flaw

2013-08-18 02:52:00

Code injection

2009-07-30 19:30:00

Design/Logic Flaw

2010-01-04 21:30:00

cve

CVE-2013-4073

2013-08-18 02:52:00

CVE-2009-2408

2009-07-30 19:30:00

CVE-2013-4248

2013-08-18 02:52:00

ubuntucve

CVE-2013-4073

2013-06-28 00:00:00

CVE-2009-2408

2009-07-30 00:00:00

CVE-2013-4238

2013-08-17 00:00:00

rubygems

CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

2013-06-26 20:00:00

nessus

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)

2015-01-19 00:00:00

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1303)

2009-09-18 00:00:00

Mozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness

2009-08-21 00:00:00

openvas

Mandrake Security Advisory MDVSA-2009:206 (wget)

2009-09-02 00:00:00

SLES10: Security update for OpenLDAP2

2009-10-13 00:00:00

SLES11: Security update for OpenLDAP2

2009-10-11 00:00:00

mozilla

Compromise of SSL-protected communication — Mozilla

2009-08-01 00:00:00

exploitdb

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

2009-06-30 00:00:00

securityvulns

Mozilla Foundation Security Advisory 2009-42

2009-08-07 00:00:00

Ruby certificate spoofing

2013-07-01 00:00:00

[slackware-security] ruby (SSA:2013-178-01)

2013-07-01 00:00:00

threatpost

Apple Safari

2009-12-29 21:50:26

OpenSSL Man-in-the-middle flaw fixed in Ruby

2013-06-27 12:04:28

seebug

Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞

2009-07-31 00:00:00

Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)

2017-09-19 00:00:00

veracode

Man-in-the-Middle (MitM)

2020-04-10 00:33:40

Man-in-the-Middle (MitM)

2019-01-15 08:56:39

fedora

[SECURITY] Fedora 19 Update: ruby-2.0.0.247-14.fc19

2013-07-16 01:36:47

redhat

(RHSA-2013:1137) Moderate: ruby193-ruby security update

2013-08-05 00:00:00

(RHSA-2013:1103) Moderate: ruby193-ruby security update

2013-07-23 00:00:00

(RHSA-2013:1090) Moderate: ruby security update

2013-07-17 00:00:00

mageia

Updated ruby packages fix CVE-2013-4073

2013-07-26 15:29:37

debiancve

CVE-2009-2408

2009-07-30 19:30:00

CVE-2009-2702

2009-09-08 18:30:00

CVE-2009-3767

2009-10-23 19:30:00

freebsd

ruby -- Hostname check bypassing vulnerability in SSL client

2013-06-27 00:00:00

centos

ruby security update

2013-07-17 19:44:42

oraclelinux

ruby security update

2013-07-17 00:00:00

slackware

[slackware-security] ruby

2013-06-28 01:16:46

ubuntu

Ruby vulnerability

2013-07-09 00:00:00

debian

[Backports-security-announce] Security Update for proftpd-dfsg

2010-01-26 21:30:08

[Backports-security-announce] Security Update for proftpd-dfsg

2010-01-26 21:06:44

[SECURITY] [DSA 2738-1] ruby1.9.1 security update

2013-08-18 16:58:53

talos

Randombit Botan Library X509 Certificate Validation Bypass Vulnerability

2017-04-28 00:00:00

amazon

Medium: python27

2013-09-04 13:31:00

aix

Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS

2010-03-29 15:54:57

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for DEBIANCVE:CVE-2013-4073