Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-1987

Опубликовано: 10 апр. 2012
Источник: redhat
CVSS2: 3.5
EPSS Низкий

Описание

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1puppetAffected
Red Hat Enterprise MRG 1puppetWill not fix
CloudForms for RHEL 6converge-ui-develFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6puppetFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-actionpackFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activerecordFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activesupportFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-chunky_pngFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compassFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compass-960-pluginFixedRHSA-2012:154204.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=810070puppet: Filebucket denial of service

EPSS

Процентиль: 73%
0.00763
Низкий

3.5 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-1987

ubuntu
больше 13 лет назад

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

nvd логотип

CVE-2012-1987

nvd
больше 13 лет назад

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

debian логотип

CVE-2012-1987

debian
больше 13 лет назад

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x befo ...

github логотип

GHSA-v58w-6xc2-w799

github
больше 3 лет назад

Puppet Denial of Service and Arbitrary File Write

fstec логотип

BDU:2015-09668

fstec
больше 13 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 73%
0.00763
Низкий

3.5 Low

CVSS2