CVSS Base Vector:
The remote host is missing an update for the 'ruby-openid'
Linux Distribution Package(s) announced via the DSA-1956-1 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
ruby-openid performed discovery first, and then verification. This allowed an
attacker to change the URL used for discovery and trick the server into
connecting to the URL. This server in turn could be a private server not
Furthermore, if the client that uses this library discloses connection errors,
this in turn could disclose information from the private server to the
'ruby-openid' Linux Distribution Package(s) on Debian Linux.
For Debian 8 'Jessie', this problem has been fixed in version
We recommend that you upgrade your ruby-openid Linux Distribution Packages.
Linux Distribution Package
Debian Local Security Checks
Find and Fix this Vulnerability:
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
NVD CVE ID: