5.9

CVE-2017-17718

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
Data is provided by the National Vulnerability Database (NVD)
Net-ldap ProjectNet-ldap Version0.0.5 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.1.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.1.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.2 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.2.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.2.2 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.3.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.3.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.5.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.6.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.6.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.7.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.8.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.9.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.10.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.10.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.11 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.12.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.12.1 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.13.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.14.0 SwPlatformruby
Net-ldap ProjectNet-ldap Version0.15.0 SwPlatformruby
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.17% 0.39
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://openwall.com/lists/oss-security/2017/12/17/10
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/ruby-ldap/ruby-net-ldap/issues/258
Patch
Third Party Advisory
Issue Tracking
https://github.com/ruby-ldap/ruby-net-ldap/pull/279
Patch
Third Party Advisory
Issue Tracking