Computer Security
[EN] securityvulns.ru no-pyccku


RubyGems https vulnerabilities
Published:04.10.2012
Source:
SecurityVulns ID:12609
Type:m-i-t-m
Threat Level:
4/10
Description:Insufficient certificate validation, redirection to insecure protocols.
Affected:RUBY : RubyGems 1.8
CVE:CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.)
 CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.)
Original documentdocumentUBUNTU, [USN-1582-1] RubyGems vulnerabilities (04.10.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod