CVE-2009-0642Improper Authentication in Ruby

CWE-287Improper Authentication6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.0%
top 23.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedFeb 20
Latest updateMay 2

Description

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDruby-lang/ruby1.8, 1.9+1

🔴Vulnerability Details

2
GHSA
GHSA-4gvm-4mw2-9fpv: ext/openssl/ossl_ocsp2022-05-02
CVEList
CVE-2009-0642: ext/openssl/ossl_ocsp2009-02-18

📋Vendor Advisories

2
Ubuntu
Ruby vulnerabilities2009-07-20
Red Hat
ruby: Incorrect checks for validity of X.509 certificates2009-01-29

💬Community

1
Bugzilla
CVE-2009-0642 ruby: Incorrect checks for validity of X.509 certificates2009-02-18
CVE-2009-0642 — Improper Authentication in Ruby | cvebase