Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:14394
HistoryMay 02, 2019 - 4:48 a.m.

Man-in-the-Middle (MitM)

2019-05-0204:48:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

EPSS

0.004

Percentile

74.0%

JSON

RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to this updated package, which corrects these issues.

Related

fedora 3
openvas 14
nessus 14
rubygems 2
securityvulns 2
ubuntu 2
redhat 3
centos 1
oraclelinux 1
debiancve 2
amazon 1
veracode 1
github 2
cve 2
nvd 2
ubuntucve 2
osv 2
cvelist 2
prion 2
fedora
fedora
[SECURITY] Fedora 16 Update: rubygems-1.8.11-3.fc16.1
2012-05-01 00:52:45
[SECURITY] Fedora 15 Update: rubygems-1.7.2-5.fc15
2012-05-01 00:52:30
[SECURITY] Fedora 17 Update: rubygems-1.8.23-20.fc17
2012-05-02 04:45:55
openvas
openvas
Fedora Update for rubygems FEDORA-2012-6409
2012-05-04 00:00:00
Ubuntu: Security Advisory (USN-1582-1)
2012-09-27 00:00:00
Fedora Update for rubygems FEDORA-2012-6414
2012-05-04 00:00:00
nessus
nessus
Fedora 15 : rubygems-1.7.2-5.fc15 (2012-6414)
2012-05-01 00:00:00
Oracle Solaris Third-Party Patch Update : rubygems (cve_2012_2125_https_to)
2015-01-19 00:00:00
Ubuntu 12.04 LTS : rubygems vulnerabilities (USN-1582-1)
2012-09-26 00:00:00
rubygems
rubygems
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
2012-09-24 20:00:00
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
2012-04-19 20:00:00
securityvulns
securityvulns
RubyGems https vulnerabilities
2012-10-04 00:00:00
[USN-1582-1] RubyGems vulnerabilities
2012-10-04 00:00:00
ubuntu
ubuntu
RubyGems vulnerabilities
2012-09-26 00:00:00
Ruby vulnerabilities
2012-09-26 00:00:00
redhat
redhat
(RHSA-2013:1203) Moderate: rubygems security update
2013-09-04 00:00:00
(RHSA-2013:1441) Moderate: rubygems security update
2013-10-17 00:00:00
(RHSA-2013:1852) Moderate: Red Hat Enterprise MRG Grid 2.4 security update
2013-12-17 00:00:00
centos
centos
rubygems security update
2013-10-18 12:42:23
oraclelinux
oraclelinux
rubygems security update
2013-10-17 00:00:00
debiancve
debiancve
CVE-2012-2125
2013-10-01 17:55:03
CVE-2012-2126
2013-10-01 17:55:03
amazon
amazon
Medium: rubygems
2012-05-21 16:48:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 08:53:54
github
github
RubyGems HTTPS to HTTP redirect
2022-05-17 04:54:56
RubyGems does not verify SSL certificate
2022-05-17 04:54:47
cve
cve
CVE-2012-2125
2013-10-01 17:55:03
CVE-2012-2126
2013-10-01 17:55:03
nvd
nvd
CVE-2012-2125
2013-10-01 17:55:03
CVE-2012-2126
2013-10-01 17:55:03
ubuntucve
ubuntucve
CVE-2012-2125
2012-04-20 00:00:00
CVE-2012-2126
2012-04-20 00:00:00
osv
osv
RubyGems HTTPS to HTTP redirect
2022-05-17 04:54:56
RubyGems does not verify SSL certificate
2022-05-17 04:54:47
cvelist
cvelist
CVE-2012-2125
2013-10-01 17:00:00
CVE-2012-2126
2013-10-01 17:00:00
prion
prion
Design/Logic Flaw
2013-10-01 17:55:00
Design/Logic Flaw
2013-10-01 17:55:00

EPSS

0.004

Percentile

74.0%

JSON
Related for VERACODE:14394
fedora3openvas14nessus14rubygems2securityvulns2ubuntu2redhat3centos1oraclelinux1debiancve2amazon1veracode1github2cve2nvd2ubuntucve2osv2cvelist2prion2