CVE-2017-17718

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
References
Link Resource
https://github.com/ruby-ldap/ruby-net-ldap/pull/279 Issue Tracking Patch Third Party Advisory
https://github.com/ruby-ldap/ruby-net-ldap/issues/258 Issue Tracking Patch Third Party Advisory
http://openwall.com/lists/oss-security/2017/12/17/10 Issue Tracking Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:net-ldap_project:net-ldap:0.11:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.10.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.2.2:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.0.5:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.8.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.7.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.6.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.15.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.14.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.13.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.12.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.12.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.10.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.9.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.5.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.3.0:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.2.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:net-ldap_project:net-ldap:0.1.0:*:*:*:*:ruby:*:*

Information

Published : 2017-12-17 13:29

Updated : 2018-01-05 10:12


NVD link : CVE-2017-17718

Mitre link : CVE-2017-17718


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

net-ldap_project

  • net-ldap