CVE-2013-4073

CVSS v2.0 6.8 (Medium)
EPSS 0.14% (51st)

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Weaknesses
CWE-310: Cryptographic Issues
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2013-08-18 02:52:22 (11 years ago)
Updated Date: 2023-11-07 02:16:06 (10 months ago)

Affected Products

Configuration #1

  Product    CPE23    From    Up To
  Ruby-lang Ruby 1.8.6-26 cpe:2.3:a:ruby-lang:ruby:1.8.6-26
  Ruby-lang Ruby 1.8.7 cpe:2.3:a:ruby-lang:ruby:1.8.7
  Ruby-lang Ruby 1.8.7 P160 cpe:2.3:a:ruby-lang:ruby:1.8.7:p160
  Ruby-lang Ruby 1.8.7 P17 cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  Ruby-lang Ruby 1.8.7 P173 cpe:2.3:a:ruby-lang:ruby:1.8.7:p173
  Ruby-lang Ruby 1.8.7 P174 cpe:2.3:a:ruby-lang:ruby:1.8.7:p174
  Ruby-lang Ruby 1.8.7 P22 cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  Ruby-lang Ruby 1.8.7 P248 cpe:2.3:a:ruby-lang:ruby:1.8.7:p248
  Ruby-lang Ruby 1.8.7 P249 cpe:2.3:a:ruby-lang:ruby:1.8.7:p249
  Ruby-lang Ruby 1.8.7 P299 cpe:2.3:a:ruby-lang:ruby:1.8.7:p299
  Ruby-lang Ruby 1.8.7 P301 cpe:2.3:a:ruby-lang:ruby:1.8.7:p301
  Ruby-lang Ruby 1.8.7 P302 cpe:2.3:a:ruby-lang:ruby:1.8.7:p302
  Ruby-lang Ruby 1.8.7 P330 cpe:2.3:a:ruby-lang:ruby:1.8.7:p330
  Ruby-lang Ruby 1.8.7 P334 cpe:2.3:a:ruby-lang:ruby:1.8.7:p334
  Ruby-lang Ruby 1.8.7 P352 cpe:2.3:a:ruby-lang:ruby:1.8.7:p352
  Ruby-lang Ruby 1.8.7 P357 cpe:2.3:a:ruby-lang:ruby:1.8.7:p357
  Ruby-lang Ruby 1.8.7 P358 cpe:2.3:a:ruby-lang:ruby:1.8.7:p358
  Ruby-lang Ruby 1.8.7 P370 cpe:2.3:a:ruby-lang:ruby:1.8.7:p370
  Ruby-lang Ruby 1.8.7 P371 cpe:2.3:a:ruby-lang:ruby:1.8.7:p371
  Ruby-lang Ruby 1.8.7 P373 cpe:2.3:a:ruby-lang:ruby:1.8.7:p373
  Ruby-lang Ruby 1.8.7 P71 cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
  Ruby-lang Ruby 1.8.7 P72 cpe:2.3:a:ruby-lang:ruby:1.8.7:p72
  Ruby-lang Ruby 1.8.7 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  Ruby-lang Ruby 1.8.7 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  Ruby-lang Ruby 1.8.7 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  Ruby-lang Ruby 1.8.7 Preview4 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
  Ruby-lang Ruby 1.9.3 cpe:2.3:a:ruby-lang:ruby:1.9.3
  Ruby-lang Ruby 1.9.3 P0 cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
  Ruby-lang Ruby 1.9.3 P125 cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
  Ruby-lang Ruby 1.9.3 P194 cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
  Ruby-lang Ruby 1.9.3 P286 cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
  Ruby-lang Ruby 1.9.3 P383 cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
  Ruby-lang Ruby 1.9.3 P385 cpe:2.3:a:ruby-lang:ruby:1.9.3:p385
  Ruby-lang Ruby 1.9.3 P392 cpe:2.3:a:ruby-lang:ruby:1.9.3:p392
  Ruby-lang Ruby 1.9.3 P426 cpe:2.3:a:ruby-lang:ruby:1.9.3:p426
  Ruby-lang Ruby 1.9.3 P429 cpe:2.3:a:ruby-lang:ruby:1.9.3:p429
  Ruby-lang Ruby 2.0.0 P0 cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
  Ruby-lang Ruby 2.0.0 P195 cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
  Ruby-lang Ruby 2.0.0 Preview1 cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1
  Ruby-lang Ruby 2.0.0 Preview2 cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2
  Ruby-lang Ruby 2.0.0 Rc1 cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
  Ruby-lang Ruby 2.0.0 Rc2 cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2