Related vulnerabilities
GSD-2012-2125
Vulnerability from gsd - Updated: 2012-09-25 00:00
Details
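RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. The record below lists 1.8.23 as the fixed version; note that its gitlab.com entry is titled "HTTP Request Smuggling", which does not match the HTTPS-to-HTTP redirect issue described here.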
Aliases
{
"GSD": {
"alias": "CVE-2012-2125",
"description": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
"id": "GSD-2012-2125",
"references": [
"https://www.suse.com/security/cve/CVE-2012-2125.html",
"https://access.redhat.com/errata/RHSA-2013:1852",
"https://access.redhat.com/errata/RHSA-2013:1441",
"https://access.redhat.com/errata/RHSA-2013:1203",
"https://alas.aws.amazon.com/cve/html/CVE-2012-2125.html",
"https://linux.oracle.com/cve/CVE-2012-2125.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update",
"purl": "pkg:gem/rubygems-update"
}
}
],
"aliases": [
"CVE-2012-2125",
"OSVDB-85809"
],
"details": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
"id": "GSD-2012-2125",
"modified": "2012-09-25T00:00:00.000Z",
"published": "2012-09-25T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2125"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.8,
"type": "CVSS_V2"
}
],
"summary": "CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55381"
},
{
"name": "USN-1582-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1582-1/"
},
{
"name": "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"refsource": "CONFIRM",
"url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"
},
{
"name": "RHSA-2013:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"
},
{
"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"
},
{
"name": "RHSA-2013:1852",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"name": "RHSA-2013:1441",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-2125",
"cvss_v2": 5.8,
"date": "2012-09-25",
"description": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
"gem": "rubygems-update",
"library": "rubygems",
"osvdb": 85809,
"patched_versions": [
"\u003e= 1.8.23"
],
"title": "CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2125"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.8.23",
"affected_versions": "All versions before 1.8.23",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2014-01-14",
"description": "RubyGems can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
"fixed_versions": [
"1.8.23"
],
"identifier": "CVE-2012-2125",
"identifiers": [
"CVE-2012-2125"
],
"not_impacted": "All versions starting from 1.8.23",
"package_slug": "gem/rubygems-update",
"pubdate": "2013-10-01",
"solution": "Upgrade to version 1.8.23 or above.",
"title": "HTTP Request Smuggling",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-2125",
"http://rhn.redhat.com/errata/RHSA-2013-1203.html",
"http://www.ubuntu.com/usn/USN-1582-1/",
"http://www.openwall.com/lists/oss-security/2012/04/20/24",
"https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"http://secunia.com/advisories/55381",
"http://rhn.redhat.com/errata/RHSA-2013-1441.html",
"http://rhn.redhat.com/errata/RHSA-2013-1852.html"
],
"uuid": "336f01b7-18ce-47fe-86a5-992897bd659b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2125"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1203",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"
},
{
"name": "USN-1582-1",
"refsource": "UBUNTU",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1582-1/"
},
{
"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"
},
{
"name": "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"
},
{
"name": "55381",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/55381"
},
{
"name": "RHSA-2013:1441",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"
},
{
"name": "RHSA-2013:1852",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-01-14T04:17Z",
"publishedDate": "2013-10-01T17:55Z"
}
}
}