CVE Vulnerabilities

CVE-2017-17718

Improper Certificate Validation

Published: Dec 17, 2017 | Modified: Jan 05, 2018
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Net-ldap Net-ldap_project 0.15.0 0.15.0
Net-ldap Net-ldap_project 0.14.0 0.14.0
Net-ldap Net-ldap_project 0.13.0 0.13.0
Net-ldap Net-ldap_project 0.12.1 0.12.1
Net-ldap Net-ldap_project 0.12.0 0.12.0
Net-ldap Net-ldap_project 0.11 0.11
Net-ldap Net-ldap_project 0.10.1 0.10.1
Net-ldap Net-ldap_project 0.10.0 0.10.0
Net-ldap Net-ldap_project 0.9.0 0.9.0
Net-ldap Net-ldap_project 0.8.0 0.8.0
Net-ldap Net-ldap_project 0.7.0 0.7.0
Net-ldap Net-ldap_project 0.6.1 0.6.1
Net-ldap Net-ldap_project 0.6.0 0.6.0
Net-ldap Net-ldap_project 0.5.1 0.5.1
Net-ldap Net-ldap_project 0.3.1 0.3.1
Net-ldap Net-ldap_project 0.3.0 0.3.0
Net-ldap Net-ldap_project 0.2.2 0.2.2
Net-ldap Net-ldap_project 0.2.1 0.2.1
Net-ldap Net-ldap_project 0.2 0.2
Net-ldap Net-ldap_project 0.1.1 0.1.1
Net-ldap Net-ldap_project 0.1.0 0.1.0
Net-ldap Net-ldap_project 0.0.5 0.0.5

Potential Mitigations

References