exploitDog

bind:CVE-2015-4020

Count: 5

ubuntu

CVE-2015-4020

more than 10 years ago

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.

CVSS2: 4.3
EPSS: Low
redhat

CVE-2015-4020

more than 10 years ago

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.

CVSS2: 7.9
EPSS: Low
nvd

CVE-2015-4020

more than 10 years ago

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.

CVSS2: 4.3
EPSS: Low
debian

CVE-2015-4020

more than 10 years ago

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...

CVSS2: 4.3
EPSS: Low
github

GHSA-qv62-xfj6-32xm

more than 3 years ago

RubyGems Improper Input Validation vulnerability

EPSS: Low

| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| ubuntu, CVE-2015-4020: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. | CVSS2: 4.3 | 1% (Low) | more than 10 years ago |
| redhat, CVE-2015-4020: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. | CVSS2: 7.9 | 1% (Low) | more than 10 years ago |
| nvd, CVE-2015-4020: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. | CVSS2: 4.3 | 1% (Low) | more than 10 years ago |
| debian, CVE-2015-4020: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ... | CVSS2: 4.3 | 1% (Low) | more than 10 years ago |
| github, GHSA-qv62-xfj6-32xm: RubyGems Improper Input Validation vulnerability | | 1% (Low) | more than 3 years ago |
