CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

Metric | Value |
---|---|
Percentile | 74.0% |

Issue Overview:
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
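
A client can catch the downgrade described above with a redirect policy that refuses any hop from an https URL to a non-https one. The Ruby sketch below is an added example, not RubyGems code or the fix shipped in the updated package; the method names, hostnames and redirect table are constructed for illustration.

```ruby
require "uri"

# Hypothetical names throughout: this is an illustration, not RubyGems code.
class InsecureRedirectError < StandardError; end

MAX_REDIRECTS = 5 # assumed limit

# True when a hop keeps the transport at least as strong as before:
# only http/https targets, and an https source may only lead to https.
def redirect_allowed?(from, location)
  source = URI(from.to_s)
  target = URI.join(source.to_s, location.to_s) # resolves relative Location values
  return false unless %w[http https].include?(target.scheme)
  source.scheme != "https" || target.scheme == "https"
end

# Follows a redirect chain and returns the final URL.
# location_for is a callable giving the Location header for a URL, or nil
# when the response is final. A real client would issue requests here.
def resolve_download_url(start, location_for, limit = MAX_REDIRECTS)
  current = start.to_s
  limit.times do
    location = location_for.call(current)
    return current if location.nil?
    unless redirect_allowed?(current, location)
      raise InsecureRedirectError, "refusing redirect #{current} -> #{location}"
    end
    current = URI.join(current, location).to_s
  end
  raise InsecureRedirectError, "too many redirects from #{start}"
end

# Constructed redirect table standing in for server responses.
SAMPLE_REDIRECTS = {
  "https://gems.example.test/gems/demo-1.0.gem" => "https://cdn.example.test/demo-1.0.gem",
  "https://cdn.example.test/demo-1.0.gem" => nil,
  "https://gems.example.test/gems/other-1.0.gem" => "http://cdn.example.test/other-1.0.gem"
}.freeze
LOOKUP = ->(url) { SAMPLE_REDIRECTS[url] }

if __FILE__ == $PROGRAM_NAME
  puts resolve_download_url("https://gems.example.test/gems/demo-1.0.gem", LOOKUP)
  begin
    resolve_download_url("https://gems.example.test/gems/other-1.0.gem", LOOKUP)
  rescue InsecureRedirectError => e
    puts "blocked: #{e.message}"
  end
end
```
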
Affected Packages:
rubygems
Issue Correction:
Run `yum update rubygems` to update your system.
New Packages:
noarch:
rubygems-devel-1.8.11-3.1.amzn1.noarch
rubygems-1.8.11-3.1.amzn1.noarch
src:
rubygems-1.8.11-3.1.amzn1.src
Red Hat: CVE-2012-2125
Mitre: CVE-2012-2125
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | noarch | rubygems-devel | < 1.8.11-3.1.amzn1 | rubygems-devel-1.8.11-3.1.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | rubygems | < 1.8.11-3.1.amzn1 | rubygems-1.8.11-3.1.amzn1.noarch.rpm |