cvelist/2015/3xxx/CVE-2015-3900.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2015-3900",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\""
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[oss-security] 20150626 rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)",
            "refsource" : "MLIST",
            "url" : "http://www.openwall.com/lists/oss-security/2015/06/26/2"
         },
         {
            "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356",
            "refsource" : "MISC",
            "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356"
         },
         {
            "name" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/",
            "refsource" : "MISC",
            "url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/"
         },
         {
            "name" : "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html",
            "refsource" : "CONFIRM",
            "url" : "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html"
         },
         {
            "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            "refsource" : "CONFIRM",
            "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
         },
         {
            "name" : "https://puppet.com/security/cve/CVE-2015-3900",
            "refsource" : "CONFIRM",
            "url" : "https://puppet.com/security/cve/CVE-2015-3900"
         },
         {
            "name" : "FEDORA-2015-12501",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html"
         },
         {
            "name" : "FEDORA-2015-12574",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html"
         },
         {
            "name" : "FEDORA-2015-13157",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html"
         },
         {
            "name" : "RHSA-2015:1657",
            "refsource" : "REDHAT",
            "url" : "http://rhn.redhat.com/errata/RHSA-2015-1657.html"
         },
         {
            "name" : "75482",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/75482"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2015-3900",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\""`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[oss-security] 20150626 rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.openwall.com/lists/oss-security/2015/06/26/2"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"`
			`},`
- Synchronized data. 2017-12-08 06:04:30 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://puppet.com/security/cve/CVE-2015-3900",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2017-12-08 06:04:30 -05:00			`"url" : "https://puppet.com/security/cve/CVE-2015-3900"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2015-12501",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2015-12574",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2015-13157",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2015:1657",`
			`"refsource" : "REDHAT",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://rhn.redhat.com/errata/RHSA-2015-1657.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "75482",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/75482"`
			`}`
			`]`
			`}`
			`}`