info
discussion
exploit
solution
references
Ruby Net::HTTP SSL Insecure Certificate Validation Weakness
References:
Revision 13499
(Ruby)
Revision 13500
(Ruby)
Revision 13502
(Ruby)
Revision 13504
(Ruby)
Ruby Homepage
(Yukihiro Matsumoto)
Ruby Net::HTTPS library does not validate server certificate CN
(Chris Clark
)
RHSA-2007:0961-4 Moderate: ruby security update
(Red Hat)
RHSA-2007:0965-3 Moderate: ruby security update
(Red Hat)
Privacy Statement
Copyright 2010, SecurityFocus