CVE-2012-2125

Public on 2012-05-21

Modified on 2014-09-14

Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Severity

Medium

See what this means

CVSS v3 Base Score

4.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	rubygems	2012-05-21	ALAS-2012-79

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.0	AV:N/AC:H/Au:N/C:P/I:P/A:N
NVD	CVSSv2	5.8	AV:N/AC:M/Au:N/C:P/I:P/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2012-2125 Mitre: CVE-2012-2125