CVE-2015-1855
Description
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
2.72
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2015-1855 affects Puppet Agent (x64) 1.0.0 | Windows |
| CVE-2015-1855 affects Puppet Agent 1.0.0 | Windows |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.5 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.3 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.2 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.1 Update | Mac |
| Object-oriented scripting language (USN-3365-1) ruby1.9.1_1.9.3.484-2ubuntu1.3_i386.deb | Linux |
| Object-oriented scripting language (USN-3365-1) ruby1.9.1_1.9.3.484-2ubuntu1.3_amd64.deb | Linux |
| Object-oriented scripting language (USN-3365-1) libruby1.9.1_1.9.3.484-2ubuntu1.3_i386.deb | Linux |
| Object-oriented scripting language (USN-3365-1) libruby1.9.1_1.9.3.484-2ubuntu1.3_amd64.deb | Linux |
| ruby2.1 security update (DSA-3247-1) ruby2.1_2.1.5-2+deb8u3_i386.deb | Linux |
| ruby2.1 security update (DSA-3247-1) ruby2.1_2.1.5-2+deb8u3_amd64.deb | Linux |
| SUSE-SU-2017:0948-1 (SUSE Linux Enterprise Server 11-SP4) ruby-1.8.7.p357-0.9.19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0948-1 (SUSE Linux Enterprise Server 11-SP4) ruby-doc-html-1.8.7.p357-0.9.19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0948-1 (SUSE Linux Enterprise Server 11-SP4) ruby-tk-1.8.7.p357-0.9.19.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) libruby2_1-2_1-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) libruby2_1-2_1-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) ruby2.1-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) ruby2.1-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) ruby2.1-debugsource-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) ruby2.1-stdlib-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1 (SUSE Linux Enterprise Desktop 12-SP1) ruby2.1-stdlib-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-342464 | Puppet Agent (x64) (8.10.0) |
| PATCH-342463 | Puppet Agent (8.10.0) |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |