14 matches found
SUSE CVE-2013-4073
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...
SUSE CVE-2016-7798
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...
PT-2023-9883 · Ruby · Jruby-Openssl
Name of the Vulnerable Software and Affected Versions: jruby-openssl gem versions prior to 0.6 Description: A security issue was found in the handling of SSL certificate validation, where failed verification did not properly alert the application, making it vulnerable to attacks. This could allow...
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
...
ruby: OpenSSL::X509::Name equality check does not work correctly
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
UBUNTU-CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability
Description: Ruby OpenSSL is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Technologies Affected: Oracle Communications Interactive Session Recorder 6.0 Oracle...
Amazon Linux AMI : ruby18 (ALAS-2015-529)
As discussed in an upstream announcement, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Medium: ruby22
Issue Overview: As discussed in an upstream announcement https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as...
Debian Security Advisory DSA 3245-1 (ruby1.8 - security update)
It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. OpenVAS Vulnerability Tes...
Debian: Security Advisory (DSA-3247-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-3246-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-3245-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ruby OpenSSL CA private key forgery vulnerability-vulnerability warning-the black bar safety net
The Ruby OpenSSL CA private key forgery vulnerability require 'rubygems' require 'openssl' require 'digest/md5' key = OpenSSL::PKey::RSA.new(2048) cipher = OpenSSL::Cipher::AES.new(256, :CBC) ctx = OpenSSL::SSL::SSLContext.new puts "Spoof must be in DER format and saved as root.cer" raw =...