Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Remediation

References

CVE-2012-2125

Related Vulnerabilities

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.2.100)

ownCloud Improper Authentication Vulnerability (CVE-2014-9043)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7400)

Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-34959)

SharePoint CVE-2024-30100 Vulnerability (CVE-2024-30100)

Severity

Medium

Classification

CVE-2012-2125

Tags

Missing Update Known Vulnerabilities