5 matches found
Improper Certificate Validation
jruby-openssl is vulnerable to Improper Certificate Validation. The vulnerability is due to incorrect hashing of certificate names in X509Name.java and insufficient checking of certificate path lengths in StoreContext.java. This allows an attacker to trick the client application into believing th...
GHSA-XGV7-PQQH-H2W9 jruby-openssl gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
jruby-openssl gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
SUSE-SU-2018:3572-1 Security update for apache2-mod_nss
This update for apache2-modnss fixes the following issues: Due to the update of mozilla-nss apache2-modnss needs to be updated to change to the SQLite certificate database, which is now the default bsc1108771. Because of that this update is tagged as security, to reach customers that only install...
jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...