
Related vulnerabilities

GSD-2014-0036

Vulnerability from gsd - Updated: 2014-03-05 00:00
Details
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
Aliases

{
  "GSD": {
    "alias": "CVE-2014-0036",
    "description": "The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.",
    "id": "GSD-2014-0036"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rbovirt",
            "purl": "pkg:gem/rbovirt"
          }
        }
      ],
      "aliases": [
        "CVE-2014-0036",
        "OSVDB-104080"
      ],
      "details": "The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.",
      "id": "GSD-2014-0036",
      "modified": "2014-03-05T00:00:00.000Z",
      "published": "2014-03-05T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0036"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.8,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-0036",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html"
          },
          {
            "name": "http://seclists.org/oss-sec/2014/q1/509",
            "refsource": "MISC",
            "url": "http://seclists.org/oss-sec/2014/q1/509"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058595",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058595"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2014-0036",
      "cvss_v2": 6.8,
      "date": "2014-03-05",
      "description": "The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.",
      "gem": "rbovirt",
      "osvdb": 104080,
      "patched_versions": [
        "\u003e= 0.0.24"
      ],
      "title": "CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0036"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0.0.24",
          "affected_versions": "All versions before 0.0.24",
          "credit": "Michael Samuel of Amcom",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-310",
            "CWE-937"
          ],
          "date": "2014-04-18",
          "description": "The rbovirt gem uses rest-client with SSL verification disabled. Any products making use of this gem are likely vulnerable to MITM attacks. ",
          "fixed_versions": [
            "0.0.24"
          ],
          "identifier": "CVE-2014-0036",
          "identifiers": [
            "CVE-2014-0036"
          ],
          "package_slug": "gem/rbovirt",
          "pubdate": "2014-04-17",
          "solution": "Upgrade to latest",
          "title": "Unsafe use of rest-client",
          "urls": [],
          "uuid": "35a2510f-30cf-44db-98a9-6abfa74377bd"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.16:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.15:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.14:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.13:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.0.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.22:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.21:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.8:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.7:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.6:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.5:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.19:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.17:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.12:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.10:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.3:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.1:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.20:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.18:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.11:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.9:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.4:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amos_benari:rbovirt:0.0.2:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0036"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058595",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058595"
            },
            {
              "name": "[oss-security] 20140306 CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://seclists.org/oss-sec/2014/q1/509"
            },
            {
              "name": "FEDORA-2014-3526",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html"
            },
            {
              "name": "FEDORA-2014-3573",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-04-18T13:48Z",
      "publishedDate": "2014-04-17T14:55Z"
    }
  }
}