CVE-2012-2125

Published: 01/10/2013 Updated: 14/01/2014
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

RubyGems prior to 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote malicious users to observe or modify a gem during installation via a man-in-the-middle attack.

Vulnerable Product

rubygems rubygems 1.8.19

rubygems rubygems 1.8.18

rubygems rubygems 1.8.10

rubygems rubygems 1.8.9

rubygems rubygems 1.8.2

rubygems rubygems 1.8.1

rubygems rubygems 1.8.17

rubygems rubygems 1.8.16

rubygems rubygems 1.8.15

rubygems rubygems 1.8.8

rubygems rubygems 1.8.7

rubygems rubygems 1.8.0

rubygems rubygems 1.8.21

rubygems rubygems 1.8.20

rubygems rubygems 1.8.12

rubygems rubygems 1.8.11

rubygems rubygems 1.8.4

rubygems rubygems 1.8.3

rubygems rubygems

rubygems rubygems 1.8.14

rubygems rubygems 1.8.13

rubygems rubygems 1.8.6

rubygems rubygems 1.8.5

Vendor Advisories

Debian Bug report logs - #670228 CVE-2012-2125 CVE-2012-2126 Package: rubygems; Maintainer for rubygems is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de> Date: Tue, 24 Apr 2012 09:27:02 UTC Severity: grave Tags: securit ...
Several security issues were fixed in ruby1.9.1 ...
RubyGems could be made to download and install malicious gem files ...
Synopsis Moderate: Red Hat Enterprise MRG Grid 2.4 security update Type/Severity Security Advisory: Moderate Topic Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated thi ...
Synopsis Moderate: rubygems security update Type/Severity Security Advisory: Moderate Topic An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact Common Vulnerabi ...
Synopsis Moderate: rubygems security update Type/Severity Security Advisory: Moderate Topic An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact A Common V ...
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack ...