2157 matches found
DEBIAN-CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
Design/Logic Flaw
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
CVE-2015-3900
Vulnerability summary: CVE-2015-3900 affects RubyGems 2.0.x up to 2.0.16, 2.2.x up to 2.2.4, and 2.4.x up to 2.4.7. It does not validate hostnames when fetching gems or API requests, enabling a remote attacker to redirect requests to arbitrary domains via a crafted DNS SRV record (DNS hijack atta...
CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...
RubyGems Patches Serious Redirection Vulnerability
RubyGems make life easier for developers to distribute software to users. A vulnerability in the Ruby package manager could make life easier for hackers to redirect victims to trouble. Disclosed today by researchers at Trustwave and OpenDNS, the vulnerability, CVE-2015-3900, enables an attacker t...
Amazon Linux AMI : ruby21 (ALAS-2015-548)
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...
Amazon Linux AMI : ruby20 (ALAS-2015-547)
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...
Amazon Linux AMI : ruby22 (ALAS-2015-549)
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...
Medium: ruby21
Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...
Medium: ruby20
Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...
Medium: ruby22
Issue Overview: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the...
RubyGems BSON Denial of Service Vulnerability
RubyGems or gems for short is a Ruby packaging system for packaging Ruby components. A denial of service vulnerability exists in RubyGems BSON. This vulnerability allows attackers to launch denial of service attacks...
RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking
RubyGems contains a flaw in the apiendpoint function in remotefetcher.rb that is triggered when handling hostnames in SRV records. With a specially crafted response, a context-dependent attacker may conduct DNS hijacking attacks. This vulnerability is due to an incomplete fix for CVE-2015-3900,...
FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)
Jonathan Claudius reports : RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...
CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...
rubygems -- request hijacking vulnerability
Jonathan Claudius reports: RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...
RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356...