Описание
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
Отчет
Not vulnerable. This issue did not affect the versions of puppet as shipped with Red Hat Subscription Asset Manager 1.3 as they did not include puppet-server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 3 | puppet | Will not fix | ||
| Red Hat OpenStack Platform 4 | puppet | Will not fix | ||
| Red Hat Satellite 6 | puppet | Affected | ||
| Red Hat Subscription Asset Manager | ruby193-puppet | Not affected |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
The default vhost configuration file in Puppet before 3.6.2 does not i ...
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
5 Medium
CVSS2