Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3867

Опубликовано: 10 июл. 2012
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1puppetAffected
Red Hat Enterprise MRG 1puppetWill not fix
CloudForms for RHEL 6converge-ui-develFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6puppetFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-actionpackFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activerecordFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-activesupportFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-chunky_pngFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compassFixedRHSA-2012:154204.12.2012
CloudForms for RHEL 6rubygem-compass-960-pluginFixedRHSA-2012:154204.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=839158puppet: insufficient validation of agent names in CN of SSL certificate requests

EPSS

Процентиль: 80%
0.01418
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3867

ubuntu
больше 13 лет назад

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

nvd логотип

CVE-2012-3867

nvd
больше 13 лет назад

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

debian логотип

CVE-2012-3867

debian
больше 13 лет назад

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2. ...

github логотип

GHSA-q44r-f2hm-v76v

github
больше 8 лет назад

Pupper does not properly restrict characters in Common Name field of Certificate Signing Request

EPSS

Процентиль: 80%
0.01418
Низкий

4 Medium

CVSS2