CVE-2015-4020

EUVD-2022-5031
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
oraclesolaris
11.3
rubygemsrubygems
2.0.0
rubygemsrubygems
2.0.0:preview2
rubygemsrubygems
2.0.0:preview2.1
rubygemsrubygems
2.0.0:preview2.2
rubygemsrubygems
2.0.0:rc1
rubygemsrubygems
2.0.0:rc2
rubygemsrubygems
2.0.1
rubygemsrubygems
2.0.2
rubygemsrubygems
2.0.3
rubygemsrubygems
2.0.4
rubygemsrubygems
2.0.5
rubygemsrubygems
2.0.6
rubygemsrubygems
2.0.7
rubygemsrubygems
2.0.8
rubygemsrubygems
2.0.9
rubygemsrubygems
2.0.10
rubygemsrubygems
2.0.11
rubygemsrubygems
2.0.12
rubygemsrubygems
2.0.13
rubygemsrubygems
2.0.14
rubygemsrubygems
2.0.15
rubygemsrubygems
2.0.16
rubygemsrubygems
2.2.0
rubygemsrubygems
2.2.1
rubygemsrubygems
2.2.2
rubygemsrubygems
2.2.3
rubygemsrubygems
2.2.4
rubygemsrubygems
2.4.0
rubygemsrubygems
2.4.1
rubygemsrubygems
2.4.2
rubygemsrubygems
2.4.3
rubygemsrubygems
2.4.4
rubygemsrubygems
2.4.5
rubygemsrubygems
2.4.6
rubygemsrubygems
2.4.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jruby
bookworm
9.3.9.0+ds-8
fixed
sid
9.4.8.0+ds-1
fixed
trixie
9.4.8.0+ds-1
fixed
rubygems
bookworm
3.3.15-2
fixed
bullseye
3.2.5-2
fixed
sid
3.4.20-1
fixed
trixie
3.4.20-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jruby
precise
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
libgems-ruby
precise
dne
trusty
dne
utopic
dne
vivid
dne
ruby1.8
precise
not-affected
trusty
dne
utopic
dne
vivid
dne
ruby1.9.1
precise
not-affected
trusty
dne
utopic
not-affected
vivid
not-affected
ruby2.1
precise
dne
trusty
dne
utopic
not-affected
vivid
not-affected
ruby2.2
precise
dne
trusty
dne
utopic
dne
vivid
dne
rubygems
precise
not-affected
trusty
dne
utopic
dne
vivid
dne
Common Weakness Enumeration
References
http://blog.rubygems.org/2015/06/08/2.2.5-released.html
http://blog.rubygems.org/2015/06/08/2.4.8-released.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75431
https://github.com/rubygems/rubygems/commit/5c7bfb5
https://puppet.com/security/cve/CVE-2015-3900
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/
http://blog.rubygems.org/2015/06/08/2.2.5-released.html
http://blog.rubygems.org/2015/06/08/2.4.8-released.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75431
https://github.com/rubygems/rubygems/commit/5c7bfb5
https://puppet.com/security/cve/CVE-2015-3900
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/