CVE-2012-2126

Published: 01/10/2013 Updated: 14/01/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

RubyGems prior to 1.8.23 does not verify an SSL certificate, which allows remote malicious users to modify a gem during installation via a man-in-the-middle attack.

Vulnerable Product

rubygems rubygems 1.8.19

rubygems rubygems 1.8.18

rubygems rubygems 1.8.11

rubygems rubygems 1.8.10

rubygems rubygems 1.8.3

rubygems rubygems 1.8.2

rubygems rubygems 1.8.21

rubygems rubygems 1.8.20

rubygems rubygems 1.8.13

rubygems rubygems 1.8.12

rubygems rubygems 1.8.5

rubygems rubygems 1.8.4

rubygems rubygems

rubygems rubygems 1.8.15

rubygems rubygems 1.8.14

rubygems rubygems 1.8.7

rubygems rubygems 1.8.6

rubygems rubygems 1.8.17

rubygems rubygems 1.8.16

rubygems rubygems 1.8.9

rubygems rubygems 1.8.8

rubygems rubygems 1.8.1

rubygems rubygems 1.8.0

Vendor Advisories

Debian Bug report logs - #670228 CVE-2012-2125 CVE-2012-2126 Package: rubygems; Maintainer for rubygems is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de> Date: Tue, 24 Apr 2012 09:27:02 UTC Severity: grave Tags: securit ...
Several security issues were fixed in ruby1.9.1 ...
RubyGems could be made to download and install malicious gem files ...
Synopsis Moderate: Red Hat Enterprise MRG Grid 2.4 security update Type/Severity Security Advisory: Moderate Topic Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated thi ...
Synopsis Moderate: rubygems security update Type/Severity Security Advisory: Moderate Topic An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact Common Vulnerabi ...
Synopsis Moderate: rubygems security update Type/Severity Security Advisory: Moderate Topic An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact A Common V ...