- CVEs with nessus.description==This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates.
The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks.
The code for parsing XML data was vulnerable to a denial of service bug. (CVE-2008-3790)
An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load.
Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved.
Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |