CVE-2015-1855: 
Ruby vulnerability analysis and mitigation

CVE-2015-1855 is a vulnerability discovered in Ruby's OpenSSL extension that affects the hostname verification process. The vulnerability exists in Ruby versions before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2. The issue stems from improper validation of hostnames in violation of RFC 6125, which could allow remote attackers to perform man-in-the-middle attacks using crafted SSL certificates (Ruby Advisory, Debian Advisory).

The vulnerability exists in the verify_certificate_identity function in the OpenSSL extension. The implementation performed a global substitution of '*' with '^.+', which incorrectly allowed wildcards anywhere in the hostname and permitted multiple wildcards. This behavior violated RFC 2818 and RFC 6125 specifications, which only allow wildcards in the leftmost part of the hostname. The vulnerability has a CVSS v3.1 Base Score of 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability could allow remote attackers to perform man-in-the-middle attacks using crafted SSL certificates. For example, a certificate for 'www..foo.' could be successfully verified against 'www.bar.foo.org' or 'www.foobar.foo.bar', which should not be allowed according to security standards. This overly permissive matching affects various protocols including HTTP, SMTP, IMAP, and POP (Ruby Bug).

Users should upgrade to Ruby versions 2.0.0 patchlevel 645 or later, Ruby 2.1.6 or later, or Ruby 2.2.2 or later. The fix implements stricter hostname verification following RFC 6125, including limiting wildcard characters to the leftmost part of the hostname and implementing case-insensitive comparison (Ruby Advisory).