Vulnerability Details : CVE-2014-0036
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
Products affected by CVE-2014-0036
- cpe:2.3:a:amos_benari:rbovirt:*:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.16:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.15:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.14:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.13:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.22:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.21:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.19:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.17:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.12:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.20:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.18:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.11:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.2:*:*:*:*:ruby:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0036
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- Percentile: ~53% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0036
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2014-0036
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0036
- http://seclists.org/oss-sec/2014/q1/509
  oss-sec: CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client
- https://bugzilla.redhat.com/show_bug.cgi?id=1058595
  1058595 – (CVE-2014-0036) CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client
- http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html
  [SECURITY] Fedora 20 Update: rubygem-rbovirt-0.0.18-4.fc20
- http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html
  [SECURITY] Fedora 19 Update: rubygem-rbovirt-0.0.18-4.fc19