CVE-2009-0642

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
ruby-langruby
1.8
ruby-langruby
1.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
Fixed 1.8.7.72-3ubuntu0.1
released
intrepid
Fixed 1.8.7.72-1ubuntu0.2
released
hardy
Fixed 1.8.6.111-2ubuntu1.3
released
gutsy
ignored
dapper
Fixed 1.8.4-1ubuntu1.7
released
ruby1.9
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
karmic
not-affected
jaunty
Fixed 1.9.0.2-9ubuntu1.1
released
intrepid
Fixed 1.9.0.2-7ubuntu1.2
released
hardy
ignored
gutsy
ignored
dapper
ignored