CVE-2015-3900

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

References

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html

http://rhn.redhat.com/errata/RHSA-2015-1657.html

http://www.openwall.com/lists/oss-security/2015/06/26/2

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75482

https://puppet.com/security/cve/CVE-2015-3900

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/

Details

Source: MITRE

Published: 2015-06-24

Updated: 2019-04-22

Type: CWE-254

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
99896EulerOS 2.0 SP2 : ruby (EulerOS-SA-2017-1051)NessusHuawei Local Security Checks
critical
99895EulerOS 2.0 SP1 : ruby (EulerOS-SA-2017-1050)NessusHuawei Local Security Checks
critical
99753openSUSE Security Update : ruby2.1 (openSUSE-2017-527)NessusSuSE Local Security Checks
critical
99578SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)NessusSuSE Local Security Checks
critical
85553Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)NessusFedora Local Security Checks
medium
85312Fedora 22 : rubygems-2.4.8-100.fc22 (2015-12574)NessusFedora Local Security Checks
medium
85309Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)NessusFedora Local Security Checks
medium
84961Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple VulnerabilitiesNessusCGI abuses
medium
84250Amazon Linux AMI : ruby22 (ALAS-2015-549)NessusAmazon Linux Local Security Checks
medium
84249Amazon Linux AMI : ruby21 (ALAS-2015-548)NessusAmazon Linux Local Security Checks
medium
84248Amazon Linux AMI : ruby20 (ALAS-2015-547)NessusAmazon Linux Local Security Checks
medium
83513FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)NessusFreeBSD Local Security Checks
medium