
CVE ID: CVE-2015-3900
Description: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
Test IDs: 1.3.6.1.4.1.25623.1.0.869851   1.3.6.1.4.1.25623.1.0.869888   1.3.6.1.4.1.25623.1.0.120441   1.3.6.1.4.1.25623.1.0.120442   1.3.6.1.4.1.25623.1.0.120440   1.3.6.1.4.1.25623.1.0.130042
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2015-3900
BugTraq ID: 75482
http://www.securityfocus.com/bid/75482
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
http://www.openwall.com/lists/oss-security/2015/06/26/2
RedHat Security Advisories: RHSA-2015:1657
http://rhn.redhat.com/errata/RHSA-2015-1657.html



