Vulnerability Change Records for CVE-2015-3900

Change History

CVE Modified by Source 9/17/2015 9:59:24 PM

Action Type Old Value New Value
Changed Description
Old Value: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
New Value: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

CVE Modified by MITRE 12/08/2017 9:29:04 PM

Action Type Old Value New Value
Added Reference
https://puppet.com/security/cve/CVE-2015-3900 [No Types Assigned]

Modified Analysis 6/24/2015 2:59:20 PM

Action Type Old Value New Value
Added CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
Added CVSS V2
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Added CWE
CWE-254
Changed Reference Type
Old Value: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html No Types Assigned
New Value: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html Advisory, Patch

CVE Modified by MITRE 11/28/2016 2:27:01 PM

Action Type Old Value New Value
Added Reference
http://www.securityfocus.com/bid/75482 [No Types Assigned]

Modified Analysis 6/30/2016 12:56:43 PM

Action Type Old Value New Value
Changed CPE Configuration
Old Value:
Configuration 1
     OR
          *cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
New Value:
Configuration 1
     OR
          *cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

CVE Modified by Source 10/17/2016 11:47:01 PM

Action Type Old Value New Value
Added Reference
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

CPE Deprecation Remap 4/22/2019 1:48:01 PM

Action Type Old Value New Value
Changed CPE Configuration
Old Value:
OR
     *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
New Value:
OR
     *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

CVE Modified by MITRE 12/23/2016 9:59:15 PM

Action Type Old Value New Value
Added Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html [No Types Assigned]
Added Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html [No Types Assigned]
Added Reference
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html [No Types Assigned]

Modified Analysis 10/21/2016 12:13:03 PM

Action Type Old Value New Value
Changed CPE Configuration
Old Value:
Configuration 1
     OR
          *cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
New Value:
Configuration 1
     OR
          *cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
          *cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
          *cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Changed Reference Type
Old Value: http://rhn.redhat.com/errata/RHSA-2015-1657.html No Types Assigned
New Value: http://rhn.redhat.com/errata/RHSA-2015-1657.html Third Party Advisory
Changed Reference Type
Old Value: http://www.openwall.com/lists/oss-security/2015/06/26/2 No Types Assigned
New Value: http://www.openwall.com/lists/oss-security/2015/06/26/2 Third Party Advisory
Changed Reference Type
Old Value: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html No Types Assigned
New Value: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory
Changed Reference Type
Old Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356 No Types Assigned
New Value: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356 Third Party Advisory
Changed Reference Type
Old Value: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/ No Types Assigned
New Value: https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/ Third Party Advisory

CVE Translated 2/17/2016 3:45:03 PM

Action Type Old Value New Value
Added Translation
RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos redireccionar peticiones a dominios arbitrarios a través del registro DNS SRV manipulado, también conocido como un "ataque de secuestro de DNS".
Removed Translation
RubyGems 2.0.x anterior a 2.0.16, 2.2.x anterior a 2.2.4, y 2.4.x anterior a 2.4.7 no valida el nombre de anfitrión cuando obtiene gemas o realiza una solicitud API, lo que permite a atacantes remotos redirigir solicitudes hacia dominios arbitrarios a través de un registro DNS SRV manipulado, también conocido como un 'ataque del secuestro de DNS.'

CVE Modified by Source 8/26/2015 9:59:02 PM

Action Type Old Value New Value
Added Reference
http://rhn.redhat.com/errata/RHSA-2015-1657.html
Added Reference
http://www.openwall.com/lists/oss-security/2015/06/26/2
Added Reference
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
Added Reference
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/

Initial CVE Analysis 6/24/2015 2:47:45 PM

Action Type Old Value New Value