2 matches found
CVE-2007-5162
CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...
CVE-2007-5770
Concrete details found: CVE-2007-5162 and CVE-2007-5770 affect Ruby 1.8.5/1.8.6. The MiracleLinux AXSA-2007-63:01 advisory states that the CN field in a server certificate is not verified against the domain in the request for (1) Net::HTTP/Net::HTTPS and (2) multiple Net modules (ftptls, telnets,...