CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
ruby-langruby
1.9
ruby-langruby
1.9.1
ruby-langruby
1.9.2
ruby-langruby
1.9.3
ruby-langruby
2.0.0
ruby-langruby
2.1
ruby-langruby
2.1.1
ruby-langruby
2.1.2
ruby-langruby
2.1.3
ruby-langruby
2.1.4
ruby-langruby
2.1.5
ruby-langruby
2.2.0
rubygemsrubygems
2.0.0
rubygemsrubygems
2.0.1
rubygemsrubygems
2.0.2
rubygemsrubygems
2.0.3
rubygemsrubygems
2.0.4
rubygemsrubygems
2.0.5
rubygemsrubygems
2.0.6
rubygemsrubygems
2.0.7
rubygemsrubygems
2.0.8
rubygemsrubygems
2.0.9
rubygemsrubygems
2.0.10
rubygemsrubygems
2.0.11
rubygemsrubygems
2.0.12
rubygemsrubygems
2.0.13
rubygemsrubygems
2.0.14
rubygemsrubygems
2.0.15
rubygemsrubygems
2.2.0
rubygemsrubygems
2.2.1
rubygemsrubygems
2.2.2
rubygemsrubygems
2.2.3
rubygemsrubygems
2.4.0
rubygemsrubygems
2.4.1
rubygemsrubygems
2.4.2
rubygemsrubygems
2.4.3
rubygemsrubygems
2.4.4
rubygemsrubygems
2.4.5
rubygemsrubygems
2.4.6
oraclesolaris
11.3
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jruby
bookworm
9.3.9.0+ds-8
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
sid
9.4.8.0+ds-1
fixed
trixie
9.4.8.0+ds-1
fixed
rubygems
bullseye
3.2.5-2
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
bookworm
3.3.15-2
fixed
sid
3.4.20-1
fixed
trixie
3.4.20-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jruby
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
precise
not-affected
libgems-ruby
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
dne
ruby1.8
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
not-affected
ruby1.9.1
wily
dne
vivid
not-affected
utopic
not-affected
trusty
dne
precise
not-affected
ruby2.1
wily
not-affected
vivid
ignored
utopic
ignored
trusty
dne
precise
dne
ruby2.2
wily
not-affected
vivid
dne
utopic
dne
trusty
dne
precise
dne
ruby2.3
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
dne
rubygems
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html
http://rhn.redhat.com/errata/RHSA-2015-1657.html
http://www.openwall.com/lists/oss-security/2015/06/26/2
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75482
https://puppet.com/security/cve/CVE-2015-3900
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html
http://rhn.redhat.com/errata/RHSA-2015-1657.html
http://www.openwall.com/lists/oss-security/2015/06/26/2
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75482
https://puppet.com/security/cve/CVE-2015-3900
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/