Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Remediation

References

CVE-2012-2125

Related Vulnerabilities

MySQL Improper Authentication Vulnerability (CVE-2012-2122)

Beego Framework Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16354)

WordPress Plugin Contact Form, Drag and Drop Form Builder for WordPress-Everest Forms SQL Injection (1.4.9)

WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)

WordPress Plugin WP-Table Reloaded Cross-Site Scripting (1.9.3)

Severity

Medium

Classification

CVE-2012-2125

Tags

Missing Update Known Vulnerabilities