Vulnerability CVE-2015-3900

Vulnerability CVE-2015-3900

Published: 2015-06-24

Description:

	Topic	Author	Date
Med.	rubygems <2.4.8 vulnerable to DNS request hijacking	Reed Loden	26.06.2015

Type:

(Security Features)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html

http://rhn.redhat.com/errata/RHSA-2015-1657.html

http://www.openwall.com/lists/oss-security/2015/06/26/2

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75482

https://puppet.com/security/cve/CVE-2015-3900

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356

https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/