Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2013:1441
HistoryOct 17, 2013 - 12:00 a.m.

(RHSA-2013:1441) Moderate: rubygems security update

2013-10-1700:00:00
access.redhat.com
13

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

87.4%

JSON

RubyGems is the Ruby standard for publishing and managing third-party
libraries.

It was found that RubyGems did not verify SSL connections. This could lead
to man-in-the-middle attacks. (CVE-2012-2126)

It was found that, when using RubyGems, the connection could be redirected
from HTTPS to HTTP. This could lead to a user believing they are installing
a gem via HTTPS, when the connection may have been silently downgraded to
HTTP. (CVE-2012-2125)

It was discovered that the rubygems API validated version strings using an
unsafe regular expression. An application making use of this API to process
a version string from an untrusted source could be vulnerable to a denial
of service attack through CPU exhaustion. (CVE-2013-4287)

Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287.
Upstream acknowledges Damir Sharipov as the original reporter.

All rubygems users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchrubygems< 1.3.7-4.el6_4rubygems-1.3.7-4.el6_4.noarch.rpm
RedHat6srcrubygems< 1.3.7-4.el6_4rubygems-1.3.7-4.el6_4.src.rpm

Related

openvas 27
nessus 28
centos 1
oraclelinux 1
securityvulns 2
veracode 3
fedora 8
redhat 5
ubuntu 2
rubygems 4
osv 4
github 4
amazon 4
cve 4
ubuntucve 4
prion 4
debiancve 4
freebsd 1
mageia 1
openvas
openvas
CentOS Update for rubygems CESA-2013:1441 centos6
2013-10-21 00:00:00
CentOS Update for rubygems CESA-2013:1441 centos6
2013-10-21 00:00:00
Oracle: Security Advisory (ELSA-2013-1441)
2015-10-06 00:00:00
nessus
nessus
RHEL 6 : rubygems (RHSA-2013:1441)
2013-10-18 00:00:00
Oracle Linux 6 : rubygems (ELSA-2013-1441)
2013-10-20 00:00:00
CentOS 6 : rubygems (CESA-2013:1441)
2013-10-20 00:00:00
centos
centos
rubygems security update
2013-10-18 12:42:23
oraclelinux
oraclelinux
rubygems security update
2013-10-17 00:00:00
securityvulns
securityvulns
RubyGems https vulnerabilities
2012-10-04 00:00:00
[USN-1582-1] RubyGems vulnerabilities
2012-10-04 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:48:42
Denial Of Service (DoS) Via CPU Consumption
2019-01-15 08:57:26
Man-in-the-Middle (MitM)
2019-01-15 08:53:54
fedora
fedora
[SECURITY] Fedora 17 Update: rubygems-1.8.23-20.fc17
2012-05-02 04:45:55
[SECURITY] Fedora 15 Update: rubygems-1.7.2-5.fc15
2012-05-01 00:52:30
[SECURITY] Fedora 16 Update: rubygems-1.8.11-3.fc16.1
2012-05-01 00:52:45
redhat
redhat
(RHSA-2013:1203) Moderate: rubygems security update
2013-09-04 00:00:00
(RHSA-2013:1852) Moderate: Red Hat Enterprise MRG Grid 2.4 security update
2013-12-17 00:00:00
(RHSA-2013:1523) Moderate: ruby193-ruby security update
2013-11-14 00:00:00
ubuntu
ubuntu
RubyGems vulnerabilities
2012-09-26 00:00:00
Ruby vulnerabilities
2012-09-26 00:00:00
rubygems
rubygems
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
2012-04-19 20:00:00
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
2012-09-24 20:00:00
CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability
2013-09-08 20:00:00
osv
osv
RubyGems Regular Expression Denial of Service vulnerability
2022-05-14 01:08:27
RubyGems HTTPS to HTTP redirect
2022-05-17 04:54:56
RubyGems does not verify SSL certificate
2022-05-17 04:54:47
github
github
RubyGems Regular Expression Denial of Service vulnerability
2022-05-14 01:08:27
RubyGems HTTPS to HTTP redirect
2022-05-17 04:54:56
RubyGems does not verify SSL certificate
2022-05-17 04:54:47
amazon
amazon
Medium: rubygems
2012-05-21 16:48:00
Medium: rubygems
2013-09-26 22:22:00
Medium: rubygems
2013-10-16 20:52:00
cve
cve
CVE-2012-2125
2013-10-01 17:55:00
CVE-2013-4287
2013-10-17 23:55:00
CVE-2012-2126
2013-10-01 17:55:00
ubuntucve
ubuntucve
CVE-2012-2125
2012-04-20 00:00:00
CVE-2013-4287
2013-10-17 00:00:00
CVE-2012-2126
2012-04-20 00:00:00
prion
prion
Design/Logic Flaw
2013-10-17 23:55:00
Design/Logic Flaw
2013-10-01 17:55:00
Design/Logic Flaw
2013-10-01 17:55:00
debiancve
debiancve
CVE-2013-4287
2013-10-17 23:55:00
CVE-2012-2125
2013-10-01 17:55:00
CVE-2012-2126
2013-10-01 17:55:00
freebsd
freebsd
ruby-gems -- Algorithmic Complexity Vulnerability
2013-09-09 00:00:00
mageia
mageia
Updated ruby-RubyGems package fixes security vulnerabilies
2013-10-10 02:29:35

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.021 Low

EPSS

Percentile

87.4%

JSON
Related for RHSA-2013:1441
openvas27nessus28centos1oraclelinux1securityvulns2veracode3fedora8redhat5ubuntu2rubygems4osv4github4amazon4cve4ubuntucve4prion4debiancve4freebsd1mageia1