CVE-2012-2125 - URI Redirection vulnerability in RubyGems

CVSS 5.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE

Summary

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Vulnerable Configurations

Part         Description  Count
Application  Rubygems     84
Application  Redhat       1
OS           Canonical    1

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6414.NASL
    description: With this new rubygems, HTTPS connection no longer redirects to HTTP. Also now rubygems verify SSL connection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-01
    plugin id: 58935
    published: 2012-05-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58935
    title: Fedora 15 : rubygems-1.7.2-5.fc15 (2012-6414)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1441.NASL
    description: An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter. All rubygems users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70489
    published: 2013-10-18
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70489
    title: RHEL 6 : rubygems (RHSA-2013:1441)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-1441.NASL
    description: An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter. All rubygems users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70501
    published: 2013-10-20
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70501
    title: CentOS 6 : rubygems (CESA-2013:1441)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_RUBYGEMS_20140715.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. (CVE-2012-2125) - RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. (CVE-2012-2126)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80759
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80759
    title: Oracle Solaris Third-Party Patch Update : rubygems (cve_2012_2125_https_to)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20131017_RUBYGEMS_ON_SL6_X.NASL
    description: It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287)
    last seen: 2020-03-18
    modified: 2013-10-18
    plugin id: 70491
    published: 2013-10-18
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70491
    title: Scientific Linux Security Update : rubygems on SL6.x (noarch) (20131017)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1852.NASL
    description: Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) A flaw was found in the way cumin enforced user roles, allowing an unprivileged cumin user to access a range of resources without having the appropriate role. A remote, authenticated attacker could use this flaw to access privileged information, and perform a variety of privileged operations. (CVE-2013-4404) It was found that multiple forms in the cumin web interface did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who is logged into the cumin web interface, into visiting a specially crafted URL, the attacker could perform actions in the context of the logged in user. (CVE-2013-4405) It was found that cumin did not properly escape input from the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76671
    published: 2014-07-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76671
    title: RHEL 6 : MRG (RHSA-2013:1852)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2012-79.NASL
    description: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69686
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69686
    title: Amazon Linux AMI : rubygems (ALAS-2012-79)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1582-1.NASL
    description: John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2126) John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2125). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62306
    published: 2012-09-26
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62306
    title: Ubuntu 12.04 LTS : rubygems vulnerabilities (USN-1582-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1851.NASL
    description: An updated Grid component package that fixes multiple security issues is now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 17 December 2013] This erratum previously incorrectly listed RubyGems issues CVE-2012-2125, CVE-2012-2126 and CVE-2013-4287 as addressed by this update. However, the rubygems component is not included as part of Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 5 and is only included as part of Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. These issues were corrected there via RHSA-2013:1852. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion. A flaw was found in the way cumin enforced user roles, allowing an unprivileged cumin user to access a range of resources without having the appropriate role. A remote, authenticated attacker could use this flaw to access privileged information, and perform a variety of privileged operations. (CVE-2013-4404) It was found that multiple forms in the cumin web interface did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who is logged into the cumin web interface, into visiting a specially crafted URL, the attacker could perform actions in the context of the logged in user. (CVE-2013-4405) It was found that cumin did not properly escape input from the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76670
    published: 2014-07-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76670
    title: RHEL 5 : MRG (RHSA-2013:1851)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6132.NASL
    description: New version 1.8.23 is released. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-02
    plugin id: 58957
    published: 2012-05-02
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58957
    title: Fedora 17 : rubygems-1.8.23-20.fc17 (2012-6132)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1583-1.NASL
    description: It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2011-1005) John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2126) John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2125). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62307
    published: 2012-09-26
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62307
    title: Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1583-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-1441.NASL
    description: From Red Hat Security Advisory 2013:1441 : An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion. (CVE-2013-4287) Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original reporter. All rubygems users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70524
    published: 2013-10-20
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70524
    title: Oracle Linux 6 : rubygems (ELSA-2013-1441)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-6409.NASL
    description: With this new rubygems, HTTPS connection no longer redirects to HTTP. Also now rubygems verify SSL connection. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-05-01
    plugin id: 58933
    published: 2012-05-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58933
    title: Fedora 16 : rubygems-1.8.11-3.fc16.1 (2012-6409)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1203.NASL
    description: An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. (CVE-2012-2125) It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. (CVE-2012-2126) All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to this updated package, which corrects these issues.
    last seen: 2020-06-13
    modified: 2018-12-04
    plugin id: 119343
    published: 2018-12-04
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119343
    title: RHEL 6 : rubygems (RHSA-2013:1203)

Redhat

advisories
  • rhsa
    id: RHSA-2013:1203
  • rhsa
    id: RHSA-2013:1441
  • rhsa
    id: RHSA-2013:1852
rpms
  • rubygems-0:1.8.24-4.el6op
  • rubygems-0:1.3.7-4.el6_4
  • cumin-0:0.1.5787-4.el6
  • rubygems-0:1.8.23.2-1.el6