
CVE-2015-3900

Published: 24/06/2015 Updated: 22/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

Vulnerable Products

ruby-lang ruby 2.1.1

ruby-lang ruby 2.1.2

ruby-lang ruby 1.9.3

ruby-lang ruby 2.0.0

ruby-lang ruby 2.1

ruby-lang ruby 1.9.1

ruby-lang ruby 1.9.2

ruby-lang ruby 2.1.5

ruby-lang ruby 2.2.0

ruby-lang ruby 1.9

ruby-lang ruby 2.1.3

ruby-lang ruby 2.1.4

rubygems rubygems 2.0.1

rubygems rubygems 2.0.2

rubygems rubygems 2.0.3

rubygems rubygems 2.0.10

rubygems rubygems 2.0.11

rubygems rubygems 2.2.2

rubygems rubygems 2.2.3

rubygems rubygems 2.0.4

rubygems rubygems 2.0.5

rubygems rubygems 2.0.12

rubygems rubygems 2.0.13

rubygems rubygems 2.4.0

rubygems rubygems 2.4.1

rubygems rubygems 2.0.6

rubygems rubygems 2.0.7

rubygems rubygems 2.0.14

rubygems rubygems 2.0.15

rubygems rubygems 2.4.2

rubygems rubygems 2.4.3

rubygems rubygems 2.0.0

rubygems rubygems 2.0.8

rubygems rubygems 2.0.9

rubygems rubygems 2.2.0

rubygems rubygems 2.2.1

rubygems rubygems 2.4.4

rubygems rubygems 2.4.5

rubygems rubygems 2.4.6

oracle solaris 11.3

redhat enterprise linux 7.0

redhat enterprise linux 6.0

Vendor Advisories

Debian Bug report logs - #790111 ruby22: CVE-2015-3900: DNS hijacking vulnerability in api_endpoint(). Package: src:ruby22; Maintainer for src:ruby22 is (unknown); Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 27 Jun 2015 09:24:01 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream ...
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the originally requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it (CV ...

Github Repositories

Simple REST-style web service for the CVE searching

CVEServer: Simple REST-style web service for the CVE searching. Requirements: Ruby Version Manager, Ruby 2.4.x or later version, Bundler, MongoDB. Getting Started: Install the CVE Server. You must have ruby, git, mongodb and nginx running in your local machine: curl --ssl -s raw.githubusercontent.com/SpiderLabs/cve_server/master/scripts/install.sh | bash -

Recent Articles

RubyGems slings patch at nasty redirect trojan holes
The Register • Darren Pauli • 24 Jun 2015

Could affect millions

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900), since patched, means clients could be pushed to Gem servers hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery did not validate if DNS replies are from the same security domain as gem sources. Gems are used in Ruby libraries for software development and distribution and are pushed o...