Insecure digital certificates in jruby-openssl
Description
The jruby-openssl gem for JRuby fails to do proper certificate validation. A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
rubygems | 0.6 |