Linux Distros Unpatched Vulnerability : CVE-2012-2125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a...

SUSE CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

Oracle: Security Advisory (ELSA-2013-1441)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Solaris Third-Party Patch Update : rubygems (cve_2012_2125_https_to)

The remote Solaris system is missing necessary patches to address security updates : - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. CVE-2012-2125 - RubyGems...

RHEL 6 : rubygems (RHSA-2013:1441)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1441 advisory. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections...

Scientific Linux Security Update : rubygems on SL6.x (noarch) (20131017)

It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. CVE-2012-2126 It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the...

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

CVE-2012-2125

CVE-2012-2125 affects RubyGems prior to 1.8.23, where HTTPS connections could be redirected to HTTP, enabling a remote attacker to observe or modify a gem during installation via a man‑in‑the‑middle. The accompanying open‑source advisories and OS patch references document this issue across multip...

Amazon Linux AMI : rubygems (ALAS-2012-79)

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amaz...

Ubuntu: Security Advisory (USN-1583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1582-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1583-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2011-1005 John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates...

USN-1582-1: RubyGems vulnerabilities

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...

Ubuntu 12.04 LTS : rubygems vulnerabilities (USN-1582-1)

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...

Medium: rubygems

Issue Overview: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Affected Packages: rubygems Issue Correction: Run yum update rubygems or yum update --advisory...

Fedora Update for rubygems FEDORA-2012-6409

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 17 : rubygems-1.8.23-20.fc17 (2012-6132)

New version 1.8.23 is released. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...