Ruby Net::HTTP SSL Insecure Certificate Validation Weakness

Ruby's Net::HTTP library is prone to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.

Successfully exploiting this issue may allow attackers to perform man-in-the-middle attacks against applications that insecurely use the affected library. Other attacks may also be possible.

NOTE: This issue is related to multiple weaknesses covered by BID 26421 - Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses.
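
The following is an added example, not code from the advisory or from the Ruby project. It shows a Net::HTTP client configured to enforce certificate validation, a small audit of a client's settings, and the two checks (chain of trust and hostname match) run separately against a constructed self-signed certificate. The helper names `verified_client`, `tls_findings`, `self_signed_cert` and `validate` and the host `example.test` are assumptions made for illustration.

```ruby
require "net/http"
require "openssl"

# Client that enforces both halves of validation: chain of trust and hostname.
def verified_client(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.verify_hostname = true if http.respond_to?(:verify_hostname=)
  http
end

# Audit helper (hypothetical name): lists settings that weaken validation.
# Only an explicit VERIFY_NONE is flagged; an unset verify_mode is left alone.
def tls_findings(http)
  findings = []
  findings << "TLS disabled" unless http.use_ssl?
  findings << "peer verification disabled" if http.verify_mode == OpenSSL::SSL::VERIFY_NONE
  if http.respond_to?(:verify_hostname) && http.verify_hostname == false
    findings << "hostname check disabled"
  end
  findings
end

# Constructed sample input: a throwaway self-signed certificate.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The two checks a peer certificate must both pass before it is trusted.
def validate(cert, host, store)
  { chain: store.verify(cert),
    name: OpenSSL::SSL.verify_certificate_identity(cert, host) }
end
```

A certificate whose name matches the host can still fail the chain check, which is why neither check can be skipped.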


 

Copyright 2010, SecurityFocus