CVE-2012-2126

Опубликовано: 19 апр. 2012

Источник: redhat

CVSS2: 4

EPSS Низкий

Описание

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

Отчет

The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat CloudForms Tools 1	rubygems	Will not fix
Red Hat Subscription Asset Manager	rubygems	Will not fix
Red Hat Enterprise Linux 6	rubygems	Fixed	RHSA-2013:1441	17.10.2013
Red Hat Enterprise MRG 2	cumin	Fixed	RHSA-2013:1852	17.12.2013
Red Hat Enterprise MRG 2	rubygems	Fixed	RHSA-2013:1852	17.12.2013
RHEL 6 Version of OpenShift Enterprise 1.2	rubygems	Fixed	RHSA-2013:1203	04.09.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=814718rubygems: Two security fixes in v1.8.23

EPSS

Процентиль: 50%

0.00272

Низкий

4 Medium

CVSS2

Связанные уязвимости

CVE-2012-2126

ubuntu

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2126

nvd

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2126

debian

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...

GHSA-5mgj-mvv8-46mw

github

около 3 лет назад

RubyGems does not verify SSL certificate

ELSA-2013-1441

oracle-oval

больше 11 лет назад

ELSA-2013-1441: rubygems security update (MODERATE)

EPSS

Процентиль: 50%

0.00272

Низкий

4 Medium

CVSS2