Описание
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | ignored | |
| precise | not-affected | apache 2.2 |
| precise/esm | DNE | precise was not-affected [apache 2.2] |
| trusty | ignored | |
| trusty/esm | ignored | |
| upstream | released | 3.7.0-1 |
| vivid | not-affected | 3.7.2-1ubuntu2 |
| vivid/stable-phone-overlay | DNE |
Показывать по
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
The default vhost configuration file in Puppet before 3.6.2 does not i ...
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
4 Medium
CVSS2
6.5 Medium
CVSS3