Lucene search
+L

290 matches found

CVE
CVE
added 2021/08/01 12:0 a.m.347 views

CVE-2021-32066

CVE-2021-32066 affects Ruby up to 3.0.1 where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...

7.4CVSS7.3AI score0.02909EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2021/08/01 12:0 a.m.31 views

CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.7AI score0.02909EPSS
Exploits1References8
RubySec
RubySec
added 2021/08/01 12:0 a.m.8 views

imap - StartTLS stripping attack

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS7AI score0.02909EPSS
Exploits1References1Affected Software1
ArchLinux
ArchLinux
added 2021/07/14 12:0 a.m.223 views

[ASA-202107-25] ruby2.6: multiple issues

Arch Linux Security Advisory ASA-202107-25 ========================================== Severity: High Date : 2021-07-14 CVE-ID : CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 Package : ruby2.6 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2140 Summary ======= The...

7.4CVSS1.2AI score0.0305EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2021/07/07 9:52 p.m.61 views

CVE-2021-32066

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS1.2AI score0.02909EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2021/07/07 12:0 a.m.59 views

Ruby -- multiple vulnerabilities

Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...

7.4CVSS1.4AI score0.0305EPSS
Exploits2References6
Hacker One
Hacker One
added 2021/04/28 4:6 p.m.131 views

Ruby: imap: StartTLS stripping attack (CVE-2016-0772).

net/imap does not seem to raise an exception when the remote end imap server fails to respond with taggedresponse NO/BAD or OK to an explicit call of imap.starttls. This may allow a malicious MITM to perform a starttls stripping attack if the client code does not explicitly set usessl = true on...

5.8CVSS0.1AI score0.1503EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2021/04/28 12:0 a.m.4 views

PT-2021-3883

Name of the Vulnerable Software and Affected Versions Ruby versions 2.6.7 and earlier, 2.7.x through 2.7.3, and 3.x through 3.0.1 Description The issue is related to the implementation of the Net::IMAP class in the Ruby interpreter, specifically with errors in the certificate authentication...

9.8CVSS8.1AI score0.10715EPSS
Exploits9References207
Tenable Nessus
Tenable Nessus
added 2007/11/07 12:0 a.m.38 views

Fedora 8 : ruby-1.8.6.111-1.fc8 (2007-2812)

This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

4.3CVSS7.2AI score0.01681EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/11/06 12:0 a.m.27 views

Fedora Core 6 : ruby-1.8.5.114-1.fc6 (2007-738)

This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

4.3CVSS7.2AI score0.01681EPSS
Exploits0References1
Rows per page
Query Builder