Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2012-2126
Vulnerability from gsd - Updated: 2012-04-20 00:00Details
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-2126",
"description": "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
"id": "GSD-2012-2126",
"references": [
"https://www.suse.com/security/cve/CVE-2012-2126.html",
"https://access.redhat.com/errata/RHSA-2013:1852",
"https://access.redhat.com/errata/RHSA-2013:1441",
"https://access.redhat.com/errata/RHSA-2013:1203",
"https://linux.oracle.com/cve/CVE-2012-2126.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update",
"purl": "pkg:gem/rubygems-update"
}
}
],
"aliases": [
"CVE-2012-2126",
"OSVDB-81444"
],
"details": "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
"id": "GSD-2012-2126",
"modified": "2012-04-20T00:00:00.000Z",
"published": "2012-04-20T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2126"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 4.3,
"type": "CVSS_V2"
}
],
"summary": "CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55381"
},
{
"name": "USN-1582-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1582-1/"
},
{
"name": "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"refsource": "CONFIRM",
"url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"
},
{
"name": "RHSA-2013:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"
},
{
"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"
},
{
"name": "RHSA-2013:1852",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"name": "RHSA-2013:1441",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-2126",
"cvss_v2": 4.3,
"date": "2012-04-20",
"description": "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
"gem": "rubygems-update",
"library": "rubygems",
"osvdb": 81444,
"patched_versions": [
"\u003e= 1.8.23"
],
"title": "CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2126"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.8.23",
"affected_versions": "All versions before 1.8.23",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2014-01-14",
"description": "RubyGems does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
"fixed_versions": [
"1.8.23"
],
"identifier": "CVE-2012-2126",
"identifiers": [
"CVE-2012-2126"
],
"not_impacted": "All versions starting from 1.8.23",
"package_slug": "gem/rubygems-update",
"pubdate": "2013-10-01",
"solution": "Upgrade to version 1.8.23 or above.",
"title": "Cryptographic Issues",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-2126",
"http://www.ubuntu.com/usn/USN-1582-1/",
"http://rhn.redhat.com/errata/RHSA-2013-1203.html",
"http://www.openwall.com/lists/oss-security/2012/04/20/24",
"https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"http://secunia.com/advisories/55381",
"http://rhn.redhat.com/errata/RHSA-2013-1441.html",
"http://rhn.redhat.com/errata/RHSA-2013-1852.html"
],
"uuid": "2d4da068-1eb5-46b9-a1b1-ccc4d5d4a454"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.8.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift:1.2.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2126"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1582-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1582-1/"
},
{
"name": "RHSA-2013:1203",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1203.html"
},
{
"name": "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/04/20/24"
},
{
"name": "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/rubygems/rubygems/blob/1.8/History.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814718"
},
{
"name": "55381",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/55381"
},
{
"name": "RHSA-2013:1441",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"
},
{
"name": "RHSA-2013:1852",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2014-01-14T04:17Z",
"publishedDate": "2013-10-01T17:55Z"
}
}
}