
CVE-2009-0642

Published: 20/02/2009 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote malicious users to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

Vulnerable Product

ruby-lang ruby 1.9

ruby-lang ruby 1.8

Vendor Advisories

Synopsis: Moderate: ruby security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D ...
It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates (CVE-2009-0642) ...
Several vulnerabilities have been discovered in Ruby. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0642: The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. CVE-2009-1904: An issue in parsing BigDecimal numbers can result ...