CVE-2015-1855

CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

Source: CVE-2015-1855

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다