1. Home
  2. Vulnerabilities
  3. CVE-2007-5770

CVE-2007-5770

CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.95 % (83th)
0.95% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.

Weaknesses
CWE-287
Improper Authentication
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2007-11-14 01:46:00
(17 years ago)
Updated Date
2017-09-29 01:29:41
(7 years ago)

Affected Products

Ruby-lang

Configuration #1

    CPE23 From Up To
  Ruby-lang Ruby 1.8.5 cpe:2.3:a:ruby-lang:ruby:1.8.5
  Ruby-lang Ruby 1.8.6 cpe:2.3:a:ruby-lang:ruby:1.8.6