ID CVE-2012-2125
Summary RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
References
Vulnerable Configurations
  • cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3b:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.40.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
CVSS
Base: 5.8 (as of 14-01-2014 - 04:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2013:1203
  • rhsa
    id RHSA-2013:1441
  • rhsa
    id RHSA-2013:1852
rpms
  • rubygems-0:1.8.24-4.el6op
  • rubygems-0:1.3.7-4.el6_4
  • cumin-0:0.1.5787-4.el6
  • rubygems-0:1.8.23.2-1.el6
refmap via4
confirm https://github.com/rubygems/rubygems/blob/1.8/History.txt
misc https://bugzilla.redhat.com/show_bug.cgi?id=814718
mlist [oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version
secunia 55381
ubuntu USN-1582-1
Last major update 14-01-2014 - 04:17
Published 01-10-2013 - 17:55
Last modified 14-01-2014 - 04:17