Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-3872

Опубликовано: 27 окт. 2011
Источник: nvd
CVSS2: 2.6
EPSS Низкий

Описание

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02778
Низкий

2.6 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2011-3872

ubuntu
больше 14 лет назад

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

redhat логотип

CVE-2011-3872

redhat
больше 14 лет назад

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

debian логотип

CVE-2011-3872

debian
больше 14 лет назад

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterpri ...

github логотип

GHSA-494g-9grq-m629

github
больше 3 лет назад

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."

fstec логотип

BDU:2015-09427

fstec
почти 14 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 86%
0.02778
Низкий

2.6 Low

CVSS2

Дефекты

CWE-20