Man-in-the-Middle (MitM)

2019-01-1508:53:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

rubygems is vulnerable to man-in-the-middle attack (MitM). HTTPS connection are redirected to HTTP, which allows for an attacker to sniff network traffic and obtain confidential information or modify a gem during installation.

CPENameOperatorVersion
rubygemseq1.3.7__5.el6
rubygemseq1.8.16__1.el6
rubygemseq1.3.7__4.el6_4
rubygemseq1.3.7__1.el6
rubygemseq1.8.16__2.el6op
cumineq0.1.5098__2.el6
cumineq0.1.5192__1.el6
cumineq0.1.5444__3.el6
cumineq0.1.4794__1.el6
cumineq0.1.5786__2.el6

Name	Operator	Version
rubygems	eq	1.3.7__5.el6
rubygems	eq	1.8.16__1.el6
rubygems	eq	1.3.7__4.el6_4
rubygems	eq	1.3.7__1.el6
rubygems	eq	1.8.16__2.el6op
cumin	eq	0.1.5098__2.el6
cumin	eq	0.1.5192__1.el6
cumin	eq	0.1.5444__3.el6
cumin	eq	0.1.4794__1.el6
cumin	eq	0.1.5786__2.el6