OpenCVE

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jruby	Jruby-openssl

Configuration 1 [-]

cpe:2.3:a:jruby:jruby-openssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl
https://github.com/advisories/GHSA-xgv7-pqqh-h2w9
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml
https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-12T00:00:00

Updated: 2024-08-07T06:54:09.583Z

Reserved: 2009-11-30T00:00:00

Link: CVE-2009-4123

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-12T16:15:07.407

Modified: 2024-11-21T01:08:58.637

Link: CVE-2009-4123

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jruby:jruby-openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE19B114-736D-4954-B481-4FDC948A6ABE", "versionEndExcluding": "0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation."}, {"lang": "es", "value": "La gema jruby-openssl anterior a 0.6 para JRuby maneja mal la validaci\u00f3n del certificado SSL."}], "id": "CVE-2009-4123", "lastModified": "2024-11-21T01:08:58.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T16:15:07.407", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}