Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby Improper Input Validation Vulnerability - CVE-2015-1855 - Vulnerability Database
Ruby

Ruby Improper Input Validation Vulnerability - CVE-2015-1855

Medium
Reference: CVE-2015-1855
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-1855
Title: Ruby Improper Input Validation Vulnerability
Overview:

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645 2.1.x before 2.1.6 and 2.2.x before 2.2.2 does not properly validate hostnames which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards (1) wildcards in IDNA names (3) case sensitivity and (4) non-ASCII characters.