CVE-2007-5770

Impact:
Moderate
Public Date:
2007-10-08
Bugzilla:
362081: CVE-2007-5770 ruby insufficient verification of SSL certificate in various net::* modules

The MITRE CVE dictionary describes this issue as:

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.

Find out more about CVE-2007-5770 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (ruby) RHSA-2007:0961 2007-11-13
Red Hat Enterprise Linux 5 (ruby) RHSA-2007:0965 2007-11-13

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.