CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
ruby-langruby
2.1.0 ≤
𝑥
< 2.1.6
ruby-langruby
2.2.0 ≤
𝑥
< 2.2.2
ruby-langruby
2.0.0
ruby-langruby
2.0.0:p0
ruby-langruby
2.0.0:p195
ruby-langruby
2.0.0:p247
ruby-langruby
2.0.0:p353
ruby-langruby
2.0.0:p451
ruby-langruby
2.0.0:p481
ruby-langruby
2.0.0:p576
ruby-langruby
2.0.0:p594
ruby-langruby
2.0.0:p598
ruby-langruby
2.0.0:p643
ruby-langtrunk
𝑥
< 50292
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
puppetpuppet_agent
1.0.0
puppetpuppet_enterprise
3.0.0 ≤
𝑥
< 3.8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
lucid
ignored
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
ruby1.9.1
lucid
ignored
precise
ignored
trusty
Fixed 1.9.3.484-2ubuntu1.3
released
utopic
ignored
vivid
ignored
wily
dne
xenial
dne
yakkety
dne
zesty
dne
ruby2.0
lucid
dne
precise
dne
trusty
Fixed 2.0.0.484-1ubuntu2.4
released
utopic
ignored
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
ruby2.1
lucid
dne
precise
dne
trusty
dne
utopic
ignored
vivid
ignored
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
ruby2.2
lucid
dne
precise
dne
trusty
dne
utopic
dne
vivid
dne
wily
not-affected
xenial
dne
yakkety
dne
zesty
dne
ruby2.3
lucid
dne
precise
dne
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
not-affected
yakkety
not-affected
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_1-2_1
suse enterprise sap 12 SP1
2.1.9-15.1
fixed
suse enterprise sap 12 SP2
2.1.9-15.1
fixed
suse enterprise sap 12 SP5
2.1.9-18.1
fixed
suse enterprise server 12 SP1
2.1.9-15.1
fixed
suse enterprise server 12 SP2
2.1.9-15.1
fixed
suse enterprise server 12 SP3
2.1.9-18.1
fixed
suse enterprise server 12 SP4
2.1.9-18.1
fixed
suse enterprise server 12 SP5
2.1.9-18.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby18
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby18-debuginfo
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby18-devel
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby18-irb
Amazon Linux 1
0:0.9.5-2.42.4.amzn1
fixed
ruby18-libs
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby18-rdoc
Amazon Linux 1
0:1.0.1-2.42.4.amzn1
fixed
ruby18-ri
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby18-static
Amazon Linux 1
0:1.8.7.374-2.42.4.amzn1
fixed
ruby19
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby19-debuginfo
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby19-devel
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby19-doc
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby19-irb
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby19-libs
Amazon Linux 1
0:1.9.3.551-32.66.amzn1
fixed
ruby20
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby20-debuginfo
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby20-devel
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby20-doc
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby20-irb
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby20-libs
Amazon Linux 1
0:2.0.0.645-1.25.amzn1
fixed
ruby21
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby21-debuginfo
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby21-devel
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby21-doc
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby21-irb
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby21-libs
Amazon Linux 1
0:2.1.6-1.16.amzn1
fixed
ruby22
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
ruby22-debuginfo
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
ruby22-devel
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
ruby22-doc
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
ruby22-irb
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
ruby22-libs
Amazon Linux 1
0:2.2.2-1.5.amzn1
fixed
rubygem19-bigdecimal
Amazon Linux 1
0:1.1.0-32.66.amzn1
fixed
rubygem19-io-console
Amazon Linux 1
0:0.3-32.66.amzn1
fixed
rubygem19-json
Amazon Linux 1
0:1.5.5-32.66.amzn1
fixed
rubygem19-minitest
Amazon Linux 1
0:2.5.1-32.66.amzn1
fixed
rubygem19-rake
Amazon Linux 1
0:0.9.2.2-32.66.amzn1
fixed
rubygem19-rdoc
Amazon Linux 1
0:3.9.5-32.66.amzn1
fixed
rubygem20-bigdecimal
Amazon Linux 1
0:1.2.0-1.25.amzn1
fixed
rubygem20-io-console
Amazon Linux 1
0:0.4.2-1.25.amzn1
fixed
rubygem20-psych
Amazon Linux 1
0:2.0.0-1.25.amzn1
fixed
rubygem21-bigdecimal
Amazon Linux 1
0:1.2.4-1.16.amzn1
fixed
rubygem21-io-console
Amazon Linux 1
0:0.4.3-1.16.amzn1
fixed
rubygem21-psych
Amazon Linux 1
0:2.0.5-1.16.amzn1
fixed
rubygem22-bigdecimal
Amazon Linux 1
0:1.2.6-1.5.amzn1
fixed
rubygem22-io-console
Amazon Linux 1
0:0.4.3-1.5.amzn1
fixed
rubygem22-psych
Amazon Linux 1
0:2.0.8-1.5.amzn1
fixed
rubygems19
Amazon Linux 1
0:1.8.23.2-32.66.amzn1
fixed
rubygems19-devel
Amazon Linux 1
0:1.8.23.2-32.66.amzn1
fixed
rubygems20
Amazon Linux 1
0:2.0.14-1.25.amzn1
fixed
rubygems20-devel
Amazon Linux 1
0:2.0.14-1.25.amzn1
fixed
rubygems21
Amazon Linux 1
0:2.2.3-1.16.amzn1
fixed
rubygems21-devel
Amazon Linux 1
0:2.2.3-1.16.amzn1
fixed
rubygems22
Amazon Linux 1
0:2.4.5-1.5.amzn1
fixed
rubygems22-devel
Amazon Linux 1
0:2.4.5-1.5.amzn1
fixed