Lucene search

[email protected]NVD:CVE-2012-1987

HistoryMay 29, 2012 - 8:55 p.m.

CVE-2012-1987

2012-05-2920:55:07

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

JSON

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use “a marshaled form of a Puppet::FileBucket::File object” to write to arbitrary file locations.

Affected configurations

NVD

Node

puppetpuppetMatch2.6.0

puppetpuppetMatch2.6.1

puppetpuppetMatch2.6.2

puppetpuppetMatch2.6.3

puppetpuppetMatch2.6.4

puppetpuppetMatch2.6.5

puppetpuppetMatch2.6.6

puppetpuppetMatch2.6.7

puppetpuppetMatch2.6.8

puppetpuppetMatch2.6.9

puppetpuppetMatch2.6.10

puppetpuppetMatch2.6.11

puppetpuppetMatch2.6.12

puppetpuppetMatch2.6.13

puppetpuppetMatch2.6.14

Node

puppetpuppetMatch2.7.2

puppetpuppetMatch2.7.3

puppetpuppetMatch2.7.4

puppetpuppetMatch2.7.5

puppetpuppetMatch2.7.6

puppetpuppetMatch2.7.7

puppetpuppetMatch2.7.8

puppetpuppetMatch2.7.9

puppetpuppetMatch2.7.10

puppetpuppetMatch2.7.11

puppetpuppet_enterpriseMatch2.5.0

puppetlabspuppetMatch2.7.0

puppetlabspuppetMatch2.7.1

Node

puppetpuppet_enterpriseMatch1.2.0

puppetpuppet_enterpriseMatch1.2.1

puppetpuppet_enterpriseMatch1.2.2

puppetpuppet_enterpriseMatch1.2.3

puppetpuppet_enterpriseMatch1.2.4

puppetpuppet_enterpriseMatch2.0.0

puppetpuppet_enterpriseMatch2.0.1

puppetpuppet_enterpriseMatch2.0.2

puppetlabspuppet_enterprise_usersMatch1.0

puppetlabspuppet_enterprise_usersMatch1.1

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

projects.puppetlabs.com/issues/13552

projects.puppetlabs.com/issues/13553

projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

puppetlabs.com/security/cve/cve-2012-1987/

puppetlabs.com/security/cve/cve-2012-1987/hotfixes/

secunia.com/advisories/48743

secunia.com/advisories/48748

secunia.com/advisories/48789

secunia.com/advisories/49136

ubuntu.com/usn/usn-1419-1

www.debian.org/security/2012/dsa-2451

www.osvdb.org/81308

www.securityfocus.com/bid/52975

exchange.xforce.ibmcloud.com/vulnerabilities/74794

hermes.opensuse.org/messages/14523305

hermes.opensuse.org/messages/15087408

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

JSON

Related for NVD:CVE-2012-1987

prion2 github1 debiancve2 osv4 ubuntucve2 cvelist2 cve2 fedora4 nessus13 openvas21 debian2 freebsd1 gentoo1 ubuntu1 amazon1 nvd1 veracode1 rubygems1 securityvulns2