Описание
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Отчет
The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CloudForms Tools 1 | rubygems | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygems | Will not fix | ||
| Red Hat Enterprise Linux 6 | rubygems | Fixed | RHSA-2013:1441 | 17.10.2013 |
| Red Hat Enterprise MRG 2 | cumin | Fixed | RHSA-2013:1852 | 17.12.2013 |
| Red Hat Enterprise MRG 2 | rubygems | Fixed | RHSA-2013:1852 | 17.12.2013 |
| RHEL 6 Version of OpenShift Enterprise 1.2 | rubygems | Fixed | RHSA-2013:1203 | 04.09.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...
EPSS
4 Medium
CVSS2