17 matches found
Oracle: Security Advisory (ELSA-2007-0965)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : ruby on SL5.x, SL4.x i386/x86_64
A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. CVE-2006-6303 An SSL certificate validation flaw w...
Mac OS X Security Update 2007-009
The remote host is missing Security Update 2007-009. One or more of the following components are affected: Address Book CFNetwork ColorSync Core Foundation CUPS Desktop Services Flash Player Plug-in GNU Tar iChat IO Storage Family Launch Services Mail perl python Quick Look ruby Safari Safari RSS...
CentOS 4 : ruby (CESA-2007:0961)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was...
Ubuntu: Security Advisory (USN-596-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for ruby1.8 vulnerabilities USN-596-1
Ubuntu Update for Linux kernel vulnerabilities USN-596-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5961.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for ruby1.8 vulnerabilities USN-596-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
USN-596-1: Ruby vulnerabilities
Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform machine-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby...
SuSE 10 Security Update : ruby (ZYPP Patch Number 4702)
This update of ruby improves the SSL certificate verification process. CVE-2007-5162 / CVE-2007-5770 Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...
Debian DSA-1411-1 : libopenssl-ruby - programming error
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5162 It was discovered that the Ruby HTTPS module performs insufficient validation of SSL certificates, whic...
openSUSE 10 Security Update : ruby (ruby-4703)
This update of ruby improves the SSL certificate verification process. CVE-2007-5162, CVE-2007-5770 Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 1412-1] New ruby1.9 packages fix insecure SSL certificate validation
------------------------------------------------------------------------ Debian Security Advisory DSA-1412-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation
------------------------------------------------------------------------ Debian Security Advisory DSA-1411-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1410-1] New ruby1.8 packages fix insecure SSL certificate validation
------------------------------------------------------------------------ Debian Security Advisory DSA-1410-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007 http://www.debian.org/security/faq -...
DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks
Bulletin has no description...
Moderate: ruby security update
1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL certificate. 320331 - Fix the multilib regression issue. 1.8.5-5 - security fix release. - ruby-1.8.5-cgi-CVE-2006-6303.patch: fix a infinite loo...
CVE-2007-5770
Concrete details found: CVE-2007-5162 and CVE-2007-5770 affect Ruby 1.8.5/1.8.6. The MiracleLinux AXSA-2007-63:01 advisory states that the CN field in a server certificate is not verified against the domain in the request for (1) Net::HTTP/Net::HTTPS and (2) multiple Net modules (ftptls, telnets,...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. An SSL certifica...