Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for trunk by ruby-lang
CVE-2015-1855 (GCVE-0-2015-1855)
Vulnerability from cvelistv5 – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
VLAI
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3247 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3245 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3246 | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2015/04/13/ruby… | x_refsource_MISC |
| https://puppetlabs.com/security/cve/cve-2015-1855 | x_refsource_MISC |
| https://bugs.ruby-lang.org/issues/9644 | x_refsource_MISC |
Impacted products
Date Public
2015-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "before 2.0.0 patchlevel 645"
},
{
"status": "affected",
"version": "2.1.x before 2.1.6"
},
{
"status": "affected",
"version": "and 2.2.x before 2.2.2"
}
]
}
],
"datePublic": "2015-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T20:46:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1855",
"datePublished": "2019-11-29T20:46:48.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1855 (GCVE-0-2015-1855)
Vulnerability from nvd – Published: 2019-11-29 20:46 – Updated: 2024-08-06 04:54
VLAI
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3247 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3245 | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3246 | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2015/04/13/ruby… | x_refsource_MISC |
| https://puppetlabs.com/security/cve/cve-2015-1855 | x_refsource_MISC |
| https://bugs.ruby-lang.org/issues/9644 | x_refsource_MISC |
Impacted products
Date Public
2015-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "before 2.0.0 patchlevel 645"
},
{
"status": "affected",
"version": "2.1.x before 2.1.6"
},
{
"status": "affected",
"version": "and 2.2.x before 2.2.2"
}
]
}
],
"datePublic": "2015-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T20:46:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ruby-lang.org/issues/9644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.debian.org/security/2015/dsa-3247",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"name": "http://www.debian.org/security/2015/dsa-3245",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"name": "http://www.debian.org/security/2015/dsa-3246",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"refsource": "MISC",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"name": "https://bugs.ruby-lang.org/issues/9644",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1855",
"datePublished": "2019-11-29T20:46:48.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}