Vulnerability Details CVE-2016-11086
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.8%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
Products affected by CVE-2016-11086
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:-
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.0
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1.2
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1.3
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1.4
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.1.5
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.2
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.2.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.3
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.4
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.4.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.5
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.5.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.3.6
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.0
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.2
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.3
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.4
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.5
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.6
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.4.7
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.5.0
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.5.1
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.5.2
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.5.3
-
cpe:2.3:a:oauth-ruby_project:oauth-ruby:0.5.4