CVE-2015-1855

MEDIUM

Ruby < 2.0.0p645, 2.1.x < 2.1.6, 2.2.x < 2.2.2 - Hostname Validation Bypass in OpenSSL Extension

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1855. PoCs published by vpereira.

AI-analyzed exploit summary: This PoC demonstrates CVE-2015-1855, a vulnerability in Ruby's OpenSSL certificate verification where wildcard certificates with multiple levels (e.g., *.*.sub.example.org) are incorrectly validated. The script generates a malicious certificate and tests it against vulnerable and patched Ruby versions.

Description

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

Exploits (1)

nomisec WORKING POC
by vpereira · poc
https://github.com/vpereira/CVE-2015-1855

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Ruby with OpenSSL (versions before 2.3.0)
No auth needed
Prerequisites: OpenSSL · Ruby (vulnerable version) · Bash environment
devstral-2 · analyzed Feb 16, 2026

References (6)

Third Party Advisory (x_refsource_misc): http://www.debian.org/security/2015/dsa-3247
Third Party Advisory (x_refsource_misc): http://www.debian.org/security/2015/dsa-3245
Third Party Advisory (x_refsource_misc): http://www.debian.org/security/2015/dsa-3246
Third Party Advisory (x_refsource_misc): https://puppetlabs.com/security/cve/cve-2015-1855
Third Party Advisory (x_refsource_misc): https://bugs.ruby-lang.org/issues/9644

Scores

CVSS v3 5.9
EPSS 0.0282
EPSS Percentile 84.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (8)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
puppet/puppet_agent 1.0.0
puppet/puppet_enterprise 3.0.0 - 3.8.0
ruby-lang/ruby 2.0.0 (11 CPE variants)
ruby-lang/ruby 2.1.0 - 2.1.6
ruby-lang/trunk < 50292
Published Nov 29, 2019
Tracked Since Feb 18, 2026