Vulnerability Description
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby-Lang | Ruby | 1.9 |
| Rubygems | Rubygems | 2.0.0 |
| Oracle | Solaris | 11.3 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://blog.rubygems.org/2015/05/14/CVE-2015-3900.htmlPatchVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.htm
- http://rhn.redhat.com/errata/RHSA-2015-1657.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/06/26/2Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.securityfocus.com/bid/75482
- https://puppet.com/security/cve/CVE-2015-3900
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/Third Party Advisory
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-Third Party Advisory
- http://blog.rubygems.org/2015/05/14/CVE-2015-3900.htmlPatchVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.htm
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.htm
FAQ
What is CVE-2015-3900?
CVE-2015-3900 is a vulnerability with a CVSS score of 5.0 (MEDIUM). RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to...
How severe is CVE-2015-3900?
CVE-2015-3900 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3900?
Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Ruby, Rubygems Rubygems, Oracle Solaris, Redhat Enterprise Linux.