Ruby OpenSSL Extension Vulnerability in Server Identity Verification
CVE-2015-1855

5.9MEDIUM

Key Information:

Vendor

Ruby

Status
Ruby
Vendor
CVE Published:
29 November 2019

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2015-1855?

The Ruby OpenSSL extension prior to specific versions fails to properly validate hostnames. This vulnerability can be exploited by remote attackers to spoof server identities through various means, including incorrect handling of multiple wildcards, wildcards in IDNA names, case sensitivity issues, and non-ASCII characters. To protect against this threat, it is crucial to upgrade to the patched versions of Ruby.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ruby before 2.0.0 patchlevel 645

Ruby 2.1.x before 2.1.6

Ruby and 2.2.x before 2.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-1855
Created by vpereira

References

http://www.debian.org/security/2015/dsa-3247
x_refsource_MISC
http://www.debian.org/security/2015/dsa-3245
x_refsource_MISC
http://www.debian.org/security/2015/dsa-3246
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.