CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the
return value from the OCSP_basic_verify function, which might allow remote
attackers to successfully present an invalid X.509 certificate, possibly
involving a revoked certificate.