Ruby Net::HTTP Vulnerability

I just saw on the Codegear Ruby newsgroups that a vulnerability on the net/https
library was reported. Basically the library doesn’t validate the server certificate
CN (Common Name).

You can read the details here:

http://www.isecpartners.com/advisories/2007-006-rubyssl.txt

Patches have been done for Ruby to accommodate this and you can download them from here:

http://www.ruby-lang.org/en/news/2007/10/04/net-https-vulnerability/

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.