CVE-2007-5770

Name of the Vulnerable Software and Affected Versions Ruby versions 1.8.5 through 1.8.6

Description The issue concerns the Net::ftptls, Net::telnets, Net::imap, Net::pop, and Net::smtp libraries in Ruby, which do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL. This makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

Recommendations For Ruby versions 1.8.5 through 1.8.6, consider updating to a version that includes a fix for this issue, as the current versions do not properly verify server certificates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.