Vulnerability Database

CVE-2013-4073

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

  • Published: Aug 18, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4073
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| ruby-lang / ruby | 1.8.7-p370 | 1.8.7-p370.x |
| ruby-lang / ruby | 1.9.3-p426 | 1.9.3-p426.x |
| ruby-lang / ruby | 1.8.7-p330 | 1.8.7-p330.x |
| ruby-lang / ruby | 1.8.7-p334 | 1.8.7-p334.x |
| ruby-lang / ruby | 1.8.7-p248 | 1.8.7-p248.x |
| ruby-lang / ruby | 1.8.7-preview3 | 1.8.7-preview3.x |
| ruby-lang / ruby | 1.8.7-p17 | 1.8.7-p17.x |
| ruby-lang / ruby | 1.8.6-26 | 1.8.6-26.x |
| ruby-lang / ruby | 1.9.3-p286 | 1.9.3-p286.x |
| ruby-lang / ruby | 1.9.3-p385 | 1.9.3-p385.x |
| ruby-lang / ruby | 1.8.7-p371 | 1.8.7-p371.x |
| ruby-lang / ruby | 1.8.7-p299 | 1.8.7-p299.x |
| ruby-lang / ruby | 1.9.3-p383 | 1.9.3-p383.x |
| ruby-lang / ruby | 2.0.0-p195 | 2.0.0-p195.x |
| ruby-lang / ruby | 1.9.3-p429 | 1.9.3-p429.x |
| ruby-lang / ruby | 1.8.7-p357 | 1.8.7-p357.x |
| ruby-lang / ruby | 1.8.7-p71 | 1.8.7-p71.x |
| ruby-lang / ruby | 1.8.7-p22 | 1.8.7-p22.x |
| ruby-lang / ruby | 2.0.0-preview1 | 2.0.0-preview1.x |
| ruby-lang / ruby | 1.8.7-p352 | 1.8.7-p352.x |
| ruby-lang / ruby | 1.8.7-p301 | 1.8.7-p301.x |
| ruby-lang / ruby | 1.8.7-p358 | 1.8.7-p358.x |
| ruby-lang / ruby | 1.8.7-p160 | 1.8.7-p160.x |
| ruby-lang / ruby | 1.8.7-preview2 | 1.8.7-preview2.x |
| ruby-lang / ruby | 1.8.7-p174 | 1.8.7-p174.x |
| ruby-lang / ruby | 2.0.0-p0 | 2.0.0-p0.x |
| ruby-lang / ruby | 1.9.3-p125 | 1.9.3-p125.x |
| ruby-lang / ruby | 2.0.0-rc1 | 2.0.0-rc1.x |
| ruby-lang / ruby | 2.0.0-preview2 | 2.0.0-preview2.x |
| ruby-lang / ruby | 1.9.3-p194 | 1.9.3-p194.x |
| ruby-lang / ruby | 1.8.7 | 1.8.7.x |
| ruby-lang / ruby | 1.8.7-p173 | 1.8.7-p173.x |
| ruby-lang / ruby | 1.8.7-p249 | 1.8.7-p249.x |
| ruby-lang / ruby | 1.9.3 | 1.9.3.x |
| ruby-lang / ruby | 1.9.3-p392 | 1.9.3-p392.x |
| ruby-lang / ruby | 2.0.0-rc2 | 2.0.0-rc2.x |
| ruby-lang / ruby | 1.8.7-preview1 | 1.8.7-preview1.x |
| ruby-lang / ruby | 1.8.7-p302 | 1.8.7-p302.x |
| ruby-lang / ruby | 1.8.7-p72 | 1.8.7-p72.x |
| ruby-lang / ruby | 1.8.7-p373 | 1.8.7-p373.x |
| ruby-lang / ruby | 1.9.3-p0 | 1.9.3-p0.x |
| ruby-lang / ruby | 1.8.7-preview4 | 1.8.7-preview4.x |