VYPR
Unrated severityNVD Advisory· Published Oct 1, 2007· Updated Jun 16, 2026

CVE-2007-5162

CVE-2007-5162

Description

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Ruby Lang/Ruby2 versions
    cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*
  • Ruby Lang/Net::HTTPllm-create2 versions
    1.8.5, 1.8.6+ 1 more
    • (no CPE)range: 1.8.5, 1.8.6
    • (no CPE)range: 1.8.5, 1.8.6

Patches

Vulnerability mechanics

References

35

News mentions

0

No linked articles in our index yet.