CVE-2015-4020

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://blog.rubygems.org/2015/06/08/2.2.5-released.html	Vendor Advisory
http://blog.rubygems.org/2015/06/08/2.4.8-released.html	Vendor Advisory
https://github.com/rubygems/rubygems/commit/5c7bfb5
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/	Third Party Advisory
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75431
https://puppet.com/security/cve/CVE-2015-3900

Configurations

Configuration 1 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:rubygems:rubygems:2.0.0:rc1::::::
	cpe:2.3:a:rubygems:rubygems:2.0.0:rc2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.15:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.16:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.9:::::::*
	cpe:2.3:a:rubygems:rubygems:2.2.0:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.2:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.3:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.1:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.10:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.2:::::::*
	cpe:2.3:a:rubygems:rubygems:2.2.1:::::::*
	cpe:2.3:a:rubygems:rubygems:2.2.2:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1::::::
	cpe:2.3:a:rubygems:rubygems:2.0.13:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.6:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.5:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.4:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.5:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.14:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.4:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.3:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.11:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.6:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:::::::*
	cpe:2.3:a:rubygems:rubygems:2.2.3:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.12:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.7:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.7:::::::*
	cpe:2.3:a:rubygems:rubygems:2.2.4:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.8:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.0:::::::*
	cpe:2.3:a:rubygems:rubygems:2.4.1:::::::*

Information

Published : 2015-08-25 10:59

Updated : 2017-12-08 18:29

NVD link : CVE-2015-4020

Mitre link : CVE-2015-4020

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

rubygems

rubygems

oracle

solaris

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blog.rubygems.org/2015/06/08/2.2.5-released.html", "name": "http://blog.rubygems.org/2015/06/08/2.2.5-released.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://blog.rubygems.org/2015/06/08/2.4.8-released.html", "name": "http://blog.rubygems.org/2015/06/08/2.4.8-released.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/rubygems/rubygems/commit/5c7bfb5", "name": "https://github.com/rubygems/rubygems/commit/5c7bfb5", "tags": [], "refsource": "CONFIRM"}, {"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478", "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/75431", "name": "75431", "tags": [], "refsource": "BID"}, {"url": "https://puppet.com/security/cve/CVE-2015-3900", "name": "https://puppet.com/security/cve/CVE-2015-3900", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-4020", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-08-25T17:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-09T02:29Z"}

4.3 /10