Vulnerability Details : CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Products affected by CVE-2012-2125
- cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2125
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
References for CVE-2012-2125
-
http://www.ubuntu.com/usn/USN-1582-1/
USN-1582-1: RubyGems vulnerabilities | Ubuntu security noticesVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=814718
814718 – (CVE-2012-2125, CVE-2012-2126) CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23Patch
-
http://rhn.redhat.com/errata/RHSA-2013-1203.html
RHSA-2013:1203 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-1852.html
RHSA-2013:1852 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-1441.html
RHSA-2013:1441 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2012/04/20/24
oss-security - Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 versionPatch
-
https://github.com/rubygems/rubygems/blob/1.8/History.txt
rubygems/History.txt at 1.8 · rubygems/rubygems · GitHub
Jump to