CVE-2009-0642

EUVD-2009-0645
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
ruby-langruby
1.8
ruby-langruby
1.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
dapper
Fixed 1.8.4-1ubuntu1.7
released
gutsy
ignored
hardy
Fixed 1.8.6.111-2ubuntu1.3
released
intrepid
Fixed 1.8.7.72-1ubuntu0.2
released
jaunty
Fixed 1.8.7.72-3ubuntu0.1
released
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
ruby1.9
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
Fixed 1.9.0.2-7ubuntu1.2
released
jaunty
Fixed 1.9.0.2-9ubuntu1.1
released
karmic
not-affected
lucid
not-affected
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528
http://redmine.ruby-lang.org/issues/show/1091
http://secunia.com/advisories/33750
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://www.mandriva.com/security/advisories?name=MDVSA-2009:193
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securityfocus.com/bid/33769
http://www.securitytracker.com/id?1022505
http://www.ubuntu.com/usn/USN-805-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/48761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528
http://redmine.ruby-lang.org/issues/show/1091
http://secunia.com/advisories/33750
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://www.mandriva.com/security/advisories?name=MDVSA-2009:193
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securityfocus.com/bid/33769
http://www.securitytracker.com/id?1022505
http://www.ubuntu.com/usn/USN-805-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/48761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450