CVE-2015-4020
Find out more about CVE-2015-4020 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue did not affect the versions of rubygems as shipped with Red Hat Enterprise Linux 6, Red Hat Enterprise MRG 2.5, Red Hat Satellite 6, Red Hat OpenStack 5, and Red Hat OpenShift Enterprise 2, as the packages did not include the incomplete fix.
This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat Subscription Asset Manager and Red Hat Software Collections, as the packages did not include the incomplete fix.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score are preliminary and subject to review.
| Base Score | 7.9 |
|---|---|
| Base Metrics | AV:A/AC:M/Au:N/C:C/I:C/A:C |
| Access Vector | Adjacent Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | ruby193-ruby | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | ruby200-ruby | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | ruby193-ruby | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-ruby22-ruby | Not affected |
| Red Hat Satellite 6 | rubygems | Not affected |
| Red Hat OpenShift Enterprise 2 | rubygems | Not affected |
| Red Hat Enterprise MRG 2 | rubygems | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | rubygems | Not affected |
| Red Hat Enterprise Linux 7 | ruby | Not affected |
| Red Hat Enterprise Linux 6 | rubygems | Not affected |
| Red Hat Enterprise Linux 6 | ruby | Not affected |
| Red Hat Enterprise Linux 5 | ruby | Not affected |
