Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0961
HistoryNov 13, 2007 - 12:00 a.m.

(RHSA-2007:0961) Moderate: ruby security update

2007-11-1300:00:00
access.redhat.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.057 Low

EPSS

Percentile

92.5%

JSON

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby’s CGI module handles certain HTTP
requests. If a remote attacker sends a specially crafted request, it is
possible to cause the ruby CGI script to enter an infinite loop, possibly
causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Related

nessus 37
oraclelinux 3
centos 3
openvas 53
osv 3
debian 3
redhat 2
prion 2
ubuntucve 3
ubuntu 2
securityvulns 2
cve 3
seebug 2
fedora 14
gentoo 1
altlinux 1
freebsd 1
rubygems 1
nessus
nessus
RHEL 4 : ruby (RHSA-2007:0961)
2007-11-14 00:00:00
Oracle Linux 4 : ruby (ELSA-2007-0961)
2013-07-12 00:00:00
Scientific Linux Security Update : ruby on SL5.x, SL4.x i386/x86_64
2012-08-01 00:00:00
oraclelinux
oraclelinux
Moderate: ruby security update
2007-11-23 00:00:00
Moderate: ruby security update
2007-11-13 00:00:00
ruby security update
2008-07-14 00:00:00
centos
centos
irb, ruby security update
2007-11-13 13:51:34
irb, ruby security update
2008-07-14 16:43:34
irb, ruby security update
2008-07-14 23:50:47
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0965)
2015-10-08 00:00:00
Debian Security Advisory DSA 1411-1 (libopenssl-ruby)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-596-1)
2009-03-23 00:00:00
osv
osv
libopenssl-ruby - possible man-in-the-middle attacks
2007-11-24 00:00:00
ruby1.9 - possible man-in-the-middle attacks
2007-11-24 00:00:00
ruby1.8 - possible man-in-the-middle attacks
2007-11-24 00:00:00
debian
debian
[SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation
2007-11-25 08:09:18
[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation
2007-11-25 08:10:14
[SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation
2007-11-25 08:08:23
redhat
redhat
(RHSA-2007:0965) Moderate: ruby security update
2007-11-13 00:00:00
(RHSA-2008:0562) Moderate: ruby security update
2008-07-14 00:00:00
prion
prion
Cross site request forgery (csrf)
2007-11-14 01:46:00
Cross site request forgery (csrf)
2007-10-01 05:17:00
ubuntucve
ubuntucve
CVE-2007-5770
2007-11-14 00:00:00
CVE-2007-5162
2007-10-01 00:00:00
CVE-2006-6303
2006-12-06 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2008-03-26 00:00:00
Ruby vulnerability
2006-12-08 00:00:00
securityvulns
securityvulns
Ruby Net::HTTPS library certificates validation cryptographic vulnerability
2007-10-01 00:00:00
[ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability
2006-12-07 00:00:00
cve
cve
CVE-2007-5770
2007-11-14 01:46:00
CVE-2007-5162
2007-10-01 05:17:00
CVE-2006-6303
2006-12-06 19:28:00
seebug
seebug
Ruby多个库SSL多个不安全证书验证漏洞
2007-11-17 00:00:00
Apple Mac OS X 2007-005多个安全漏洞
2007-05-25 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: ruby-1.8.5.114-1.fc6
2007-11-05 14:48:06
[SECURITY] Fedora 7 Update: ruby-1.8.6.111-1.fc7
2007-10-29 19:04:39
[SECURITY] Fedora 7 Update: ruby-1.8.6.110-1.fc7
2007-10-08 14:56:51
gentoo
gentoo
Ruby: Denial of Service vulnerability
2006-12-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package ruby version 1.8.6-alt3
2008-01-11 00:00:00
freebsd
freebsd
ruby -- cgi.rb library Denial of Service
2006-12-04 00:00:00
rubygems
rubygems
Ruby Net::HTTPS library does not validate server certificate CN
2007-10-07 20:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.057 Low

EPSS

Percentile

92.5%

JSON
Related for RHSA-2007:0961
nessus37oraclelinux3centos3openvas53osv3debian3redhat2prion2ubuntucve3ubuntu2securityvulns2cve3seebug2fedora14gentoo1altlinux1freebsd1rubygems1