Vulnerability CVE-2015-4020

Vulnerability CVE-2015-4020

Published: 2015-08-25

Description:

	Topic	Author	Date
Med.	rubygems <2.4.8 vulnerable to DNS request hijacking	Reed Loden	26.06.2015

Type:

(Improper Input Validation)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Rubygems -> Rubygems
Oracle -> Solaris

http://blog.rubygems.org/2015/06/08/2.2.5-released.html

http://blog.rubygems.org/2015/06/08/2.4.8-released.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75431

https://github.com/rubygems/rubygems/commit/5c7bfb5

https://puppet.com/security/cve/CVE-2015-3900

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/