CVE-2007-5770

NONECVSS 0.0

0.0

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.

🔗 References (54)

secalert@redhathttp://docs.info.apple.com/article.html?artnum=307179
secalert@redhathttp://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
secalert@redhathttp://secunia.com/advisories/26985
secalert@redhathttp://secunia.com/advisories/27576
secalert@redhathttp://secunia.com/advisories/27673
secalert@redhathttp://secunia.com/advisories/27756
secalert@redhathttp://secunia.com/advisories/27764
secalert@redhathttp://secunia.com/advisories/27769
secalert@redhathttp://secunia.com/advisories/27818
secalert@redhathttp://secunia.com/advisories/28136
secalert@redhathttp://secunia.com/advisories/28645
secalert@redhathttp://secunia.com/advisories/29556
secalert@redhathttp://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
secalert@redhathttp://www.debian.org/security/2007/dsa-1410
secalert@redhathttp://www.debian.org/security/2007/dsa-1411

Is Your Infrastructure Affected by CVE-2007-5770?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-5770

📅 Published

🔄 Last Modified

🔗 References (54)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-5770?