exploitDog

CVE-2017-2299

Published: 13 Sep 2017
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.

Report

This issue affects Red Hat Satellite 6.1 and 6.2. Red Hat Product Security has rated this issue as having Low security impact. Red Hat Satellite 6.3 is not affected by this issue.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | puppet-apache | Will not fix | | |
| Red Hat OpenStack Platform 11 (Ocata) | puppet-apache | Will not fix | | |
| Red Hat OpenStack Platform 12 (Pike) | puppet-apache | Not affected | | |
| Red Hat Satellite 6 | puppet | Not affected | | |

Additional information

Status: Low
Defect: CWE-295
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1491601 (puppet-apache: Possible TLS trust misconfiguration in puppetlabs-apache)

EPSS: 0.00125 (percentile: 32%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 8 years ago

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.

CVSS3: 7.5
nvd
more than 8 years ago

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.

CVSS3: 7.5
debian
more than 8 years ago

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 mak ...

CVSS3: 7.5
github
more than 3 years ago

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
