Published: 17/12/2017 Updated: 05/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The Net::LDAP (aka net-ldap) gem prior to 0.16.0 for Ruby has Missing SSL Certificate Validation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
net-ldap project net-ldap 0.11
net-ldap project net-ldap 0.10.0
net-ldap project net-ldap 0.3.1
net-ldap project net-ldap 0.2.2
net-ldap project net-ldap 0.0.5
net-ldap project net-ldap 0.8.0
net-ldap project net-ldap 0.7.0
net-ldap project net-ldap 0.6.1
net-ldap project net-ldap 0.6.0
net-ldap project net-ldap 0.15.0
net-ldap project net-ldap 0.14.0
net-ldap project net-ldap 0.13.0
net-ldap project net-ldap 0.12.1
net-ldap project net-ldap 0.2.1
net-ldap project net-ldap 0.2
net-ldap project net-ldap 0.1.1
net-ldap project net-ldap 0.1.0
net-ldap project net-ldap 0.12.0
net-ldap project net-ldap 0.10.1
net-ldap project net-ldap 0.9.0
net-ldap project net-ldap 0.5.1
net-ldap project net-ldap 0.3.0

Debian Bug report logs - #884693 ruby-net-ldap: CVE-2017-17718: missing certificate validation Package: src:ruby-net-ldap; Maintainer for src:ruby-net-ldap is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 18 Dec 20 ...

The Net::LDAP (aka net-ldap) gem before 0160 for Ruby has Missing SSL Certificate Validation ...

CWE-295 https://github.com/ruby-ldap/ruby-net-ldap/pull/279 https://github.com/ruby-ldap/ruby-net-ldap/issues/258 http://openwall.com/lists/oss-security/2017/12/17/10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693 https://nvd.nist.gov

CVE-2017-17718

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect