Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2015-1855

Public on 2015-05-27
Modified on 2015-05-27
Description

It was discovered that the Ruby OpenSSL extension was overly permissive when verifying host names against X.509 certificate names with wildcards. This could cause Ruby TLS/SSL clients to accept certain certificates as valid, which is a violation of the RFC 6125 recommendations.

Severity
Medium
See what this means
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ruby18 2015-05-27 14:05 ALAS-2015-529
Amazon Linux 1 ruby19 2015-05-27 14:05 ALAS-2015-530
Amazon Linux 1 ruby20 2015-05-27 14:05 ALAS-2015-531
Amazon Linux 1 ruby21 2015-05-27 14:06 ALAS-2015-532
Amazon Linux 1 ruby22 2015-05-27 14:06 ALAS-2015-533

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv3 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N