Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-2125

Опубликовано: 01 окт. 2013
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
Версия до 1.8.22 (включая)
cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

EPSS

Процентиль: 70%
0.00638
Низкий

5.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2012-2125

ubuntu
почти 12 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

redhat логотип

CVE-2012-2125

redhat
больше 13 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

debian логотип

CVE-2012-2125

debian
почти 12 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...

github логотип

GHSA-228f-g3h7-3fj3

github
около 3 лет назад

RubyGems HTTPS to HTTP redirect

oracle-oval логотип

ELSA-2013-1441

oracle-oval
почти 12 лет назад

ELSA-2013-1441: rubygems security update (MODERATE)

EPSS

Процентиль: 70%
0.00638
Низкий

5.8 Medium

CVSS2

Дефекты

NVD-CWE-Other