290 matches found
CVE-2021-32066
CVE-2021-32066 affects Ruby up to 3.0.1 where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
imap - StartTLS stripping attack
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
[ASA-202107-25] ruby2.6: multiple issues
Arch Linux Security Advisory ASA-202107-25 ========================================== Severity: High Date : 2021-07-14 CVE-ID : CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 Package : ruby2.6 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2140 Summary ======= The...
CVE-2021-32066
Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...
Ruby -- multiple vulnerabilities
Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc...
Ruby: imap: StartTLS stripping attack (CVE-2016-0772).
net/imap does not seem to raise an exception when the remote end imap server fails to respond with taggedresponse NO/BAD or OK to an explicit call of imap.starttls. This may allow a malicious MITM to perform a starttls stripping attack if the client code does not explicitly set usessl = true on...
PT-2021-3883
Name of the Vulnerable Software and Affected Versions Ruby versions 2.6.7 and earlier, 2.7.x through 2.7.3, and 3.x through 3.0.1 Description The issue is related to the implementation of the Net::IMAP class in the Ruby interpreter, specifically with errors in the certificate authentication...
Fedora 8 : ruby-1.8.6.111-1.fc8 (2007-2812)
This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora Core 6 : ruby-1.8.5.114-1.fc6 (2007-738)
This release contains another fixes of CVE-2007-5162 for Net::FTPTLS, Net::Telnet and Net::IMAP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...