CVE-2009-0642

Description

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528

http://redmine.ruby-lang.org/issues/show/1091

http://secunia.com/advisories/33750

http://secunia.com/advisories/35699

http://secunia.com/advisories/35937

http://www.mandriva.com/security/advisories?name=MDVSA-2009:193

http://www.redhat.com/support/errata/RHSA-2009-1140.html

http://www.securityfocus.com/bid/33769

http://www.securitytracker.com/id?1022505

http://www.ubuntu.com/usn/USN-805-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/48761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450

Details

Source: MITRE

Published: 2009-02-20

Updated: 2017-09-29

Type: CWE-287

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67889 | Oracle Linux 4 / 5 : ruby (ELSA-2009-1140) | Nessus | Oracle Linux Local Security Checks | medium |
| 60613 | Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 51760 | SuSE 10 Security Update : ruby (ZYPP Patch Number 6338) | Nessus | SuSE Local Security Checks | high |
| 44725 | Debian DSA-1860-1 : ruby1.8, ruby1.9 - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 43767 | CentOS 5 : ruby (CESA-2009:1140) | Nessus | CentOS Local Security Checks | medium |
| 43044 | Mandriva Linux Security Advisory : ruby (MDVSA-2009:325) | Nessus | Mandriva Local Security Checks | medium |
| 42032 | openSUSE 10 Security Update : ruby (ruby-6339) | Nessus | SuSE Local Security Checks | high |
| 41452 | SuSE 11 Security Update : ruby (SAT Patch Number 1073) | Nessus | SuSE Local Security Checks | high |
| 41312 | SuSE9 Security Update : ruby (YOU Patch Number 12452) | Nessus | SuSE Local Security Checks | high |
| 40497 | Mandriva Linux Security Advisory : ruby (MDVSA-2009:193) | Nessus | Mandriva Local Security Checks | medium |
| 40329 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ruby1.8, ruby1.9 vulnerabilities (USN-805-1) | Nessus | Ubuntu Local Security Checks | medium |
| 40306 | openSUSE Security Update : ruby (ruby-1070) | Nessus | SuSE Local Security Checks | high |
| 40122 | openSUSE Security Update : ruby (ruby-1070) | Nessus | SuSE Local Security Checks | high |
| 39599 | RHEL 4 / 5 : ruby (RHSA-2009:1140) | Nessus | Red Hat Local Security Checks | medium |