CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

Configurations

Configuration 1

OR cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

Information

Published : 2019-11-29 13:15

Updated : 2020-09-30 05:27


NVD link : CVE-2015-1855

Mitre link : CVE-2015-1855


CWE
CWE-20

Improper Input Validation

Products Affected

ruby-lang

  • ruby
  • trunk

debian

  • debian_linux

puppet

  • puppet_enterprise
  • puppet_agent