{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-07T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55381"}, {"name": "USN-1582-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1582-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"}, {"name": "RHSA-2013:1203", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"}, {"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55381"}, {"name": "USN-1582-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1582-1/"}, {"name": "https://github.com/rubygems/rubygems/blob/1.8/History.txt", "refsource": "CONFIRM", "url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"}, {"name": "RHSA-2013:1203", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=814718", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"}, {"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"}, {"name": "RHSA-2013:1852", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.518Z"}, "title": "CVE Program Container", "references": [{"name": "55381", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55381"}, {"name": "USN-1582-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1582-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"}, {"name": "RHSA-2013:1203", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"}, {"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2125", "datePublished": "2013-10-01T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.518Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "matchCriteriaId": "129BE399-B405-4DF1-987B-6DA24172FC19", "versionEndIncluding": "1.8.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D6A915B-43FF-4FFA-98FA-968403825D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "767790C2-2C72-45C0-A4EF-F21EAAAD1698", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBAB2571-F73A-4843-A494-1D10A214862D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "57847827-F148-42C9-9180-3D5482249CB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "323AC584-E261-445D-9C84-DA34DFDE2D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A563E3D-2D87-4712-8C90-067ABB9D6810", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B540D22-0BDC-4727-B11E-9667F6E188BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "741E979F-6AD5-4C15-8541-5D5F659E5ED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "81C93DD3-19B4-431D-A7BD-E86F90F91745", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "7865522C-C5D0-4D4B-B090-7B756B36DF4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "95AE74A8-4A90-4372-8B88-81FF7E6E578B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "3F6BED14-99EA-4F87-95BB-078D2CEED349", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "7EC8340E-D33E-4DB6-A08B-E56EA035C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", "matchCriteriaId": "41E7E929-1144-438A-A55D-0B5CE6886C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", "matchCriteriaId": "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", "matchCriteriaId": "EF3220D1-DEFF-46A6-95B3-A40838D4E294", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", "matchCriteriaId": "E8DA4D9E-B822-4254-856C-3176A948D718", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", "matchCriteriaId": "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*", "matchCriteriaId": "A7868189-C831-4E7D-9718-B2EFF16FCA3D", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."}, {"lang": "es", "value": "RubyGems anteriores a 1.8.23 pueden redirigir conexiones HTTPS a HTTP, lo cual facilita a atacantes remotos observar o modificar una gema durante la instalaci\u00f3n a trav\u00e9s de un ataque man-in-the-middle."}], "id": "CVE-2012-2125", "lastModified": "2014-01-14T04:17:25.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-01T17:55:03.257", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55381"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1582-1/"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"}, {"source": "secalert@redhat.com", "url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1441", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "rubygems-0:1.3.7-4.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-10-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5787-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygems-0:1.8.23.2-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1203", "cpe": "cpe:/a:redhat:openshift:1.2::el6", "package": "rubygems-0:1.8.24-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", "release_date": "2013-09-04T00:00:00Z"}], "bugzilla": {"description": "rubygems: Two security fixes in v1.8.23", "id": "814718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack."], "name": "CVE-2012-2125", "package_state": [{"cpe": "cpe:/a:cloudforms_tools:1", "fix_state": "Will not fix", "package_name": "rubygems", "product_name": "Red Hat CloudForms Tools 1"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygems", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2012-04-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-2125\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2125"], "statement": "The Red Hat Security Response Team has rated this issue as having moderate security impact in CloudForms 1.1. This issue is not currently planned to be addressed in future updates.", "threat_severity": "Moderate", "upstream_fix": "rubygem 1.8.23"}