Lucene search
K

5 matches found

Veracode
Veracode
added 2023/12/14 7:52 a.m.20 views

Improper Certificate Validation

jruby-openssl is vulnerable to Improper Certificate Validation. The vulnerability is due to incorrect hashing of certificate names in X509Name.java and insufficient checking of certificate path lengths in StoreContext.java. This allows an attacker to trick the client application into believing th...

7.5CVSS6.6AI score0.006EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/01/19 5:51 p.m.20 views

GHSA-XGV7-PQQH-H2W9 jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS7.4AI score0.006EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/01/19 5:51 p.m.28 views

jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS3.9AI score0.006EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/10/30 12:31 p.m.3 views

SUSE-SU-2018:3572-1 Security update for apache2-mod_nss

This update for apache2-modnss fixes the following issues: Due to the update of mozilla-nss apache2-modnss needs to be updated to change to the SQLite certificate database, which is now the default bsc1108771. Because of that this update is tagged as security, to reach customers that only install...

7.1AI score
Exploits0References8
RubySec
RubySec
added 2009/12/07 12:0 a.m.22 views

jruby-openssl Gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS3.9AI score0.006EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder