CVE-2007-5162

Name of the Vulnerable Software and Affected Versions Ruby versions 1.8.5 through 1.8.6

Description The issue concerns the connect method in the Net::HTTP and Net::HTTPS libraries, which fails to verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request. This oversight makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

Recommendations For Ruby versions 1.8.5 through 1.8.6, consider updating to a version that includes a fix for this issue, as the current versions do not properly verify server certificates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.