CVE-2012-2125

Опубликовано: 19 апр. 2012

Источник: redhat

CVSS2: 4

Описание

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Отчет

The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat CloudForms Tools 1	rubygems	Will not fix
Red Hat Subscription Asset Manager	rubygems	Will not fix
Red Hat Enterprise Linux 6	rubygems	Fixed	RHSA-2013:1441	17.10.2013
Red Hat Enterprise MRG 2	cumin	Fixed	RHSA-2013:1852	17.12.2013
Red Hat Enterprise MRG 2	rubygems	Fixed	RHSA-2013:1852	17.12.2013
RHEL 6 Version of OpenShift Enterprise 1.2	rubygems	Fixed	RHSA-2013:1203	04.09.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=814718rubygems: Two security fixes in v1.8.23

4 Medium

CVSS2

Связанные уязвимости

CVE-2012-2125

ubuntu

больше 11 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2125

nvd

больше 11 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2125

debian

больше 11 лет назад

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...

GHSA-228f-g3h7-3fj3

github

около 3 лет назад

RubyGems HTTPS to HTTP redirect

ELSA-2013-1441

oracle-oval

больше 11 лет назад

ELSA-2013-1441: rubygems security update (MODERATE)

4 Medium

CVSS2