Lucene search

[email protected]NVD:CVE-2012-2125

HistoryOct 01, 2013 - 5:55 p.m.

CVE-2012-2125

2013-10-0117:55:03

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.004

Percentile

74.0%

JSON

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Affected configurations

Nvd

Node

rubygemsrubygemsRange≤1.8.22

rubygemsrubygemsMatch1.8.0

rubygemsrubygemsMatch1.8.1

rubygemsrubygemsMatch1.8.2

rubygemsrubygemsMatch1.8.3

rubygemsrubygemsMatch1.8.4

rubygemsrubygemsMatch1.8.5

rubygemsrubygemsMatch1.8.6

rubygemsrubygemsMatch1.8.7

rubygemsrubygemsMatch1.8.8

rubygemsrubygemsMatch1.8.9

rubygemsrubygemsMatch1.8.10

rubygemsrubygemsMatch1.8.11

rubygemsrubygemsMatch1.8.12

rubygemsrubygemsMatch1.8.13

rubygemsrubygemsMatch1.8.14

rubygemsrubygemsMatch1.8.15

rubygemsrubygemsMatch1.8.16

rubygemsrubygemsMatch1.8.17

rubygemsrubygemsMatch1.8.18

rubygemsrubygemsMatch1.8.19

rubygemsrubygemsMatch1.8.20

rubygemsrubygemsMatch1.8.21

AND

redhatopenshiftMatch1.2.2-enterprise

canonicalubuntu_linuxMatch12.04-lts

VendorProductVersionCPE
rubygemsrubygems*cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
rubygemsrubygems1.8.0cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
rubygemsrubygems1.8.1cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
rubygemsrubygems1.8.2cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
rubygemsrubygems1.8.3cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
rubygemsrubygems1.8.4cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
rubygemsrubygems1.8.5cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
rubygemsrubygems1.8.6cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
rubygemsrubygems1.8.7cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
rubygemsrubygems1.8.8cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubygems	rubygems	*	cpe:2.3:a:rubygems:rubygems::::::::
rubygems	rubygems	1.8.0	cpe:2.3:a:rubygems:rubygems:1.8.0:::::::*
rubygems	rubygems	1.8.1	cpe:2.3:a:rubygems:rubygems:1.8.1:::::::*
rubygems	rubygems	1.8.2	cpe:2.3:a:rubygems:rubygems:1.8.2:::::::*
rubygems	rubygems	1.8.3	cpe:2.3:a:rubygems:rubygems:1.8.3:::::::*
rubygems	rubygems	1.8.4	cpe:2.3:a:rubygems:rubygems:1.8.4:::::::*
rubygems	rubygems	1.8.5	cpe:2.3:a:rubygems:rubygems:1.8.5:::::::*
rubygems	rubygems	1.8.6	cpe:2.3:a:rubygems:rubygems:1.8.6:::::::*
rubygems	rubygems	1.8.7	cpe:2.3:a:rubygems:rubygems:1.8.7:::::::*
rubygems	rubygems	1.8.8	cpe:2.3:a:rubygems:rubygems:1.8.8:::::::*