Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote malicious users to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppetlabs puppet 2.7.19 |
||
puppetlabs puppet 2.7.20 |
||
puppet puppet 2.7.16 |
||
puppet puppet 2.7.14 |
||
puppet puppet 2.7.4 |
||
puppet puppet 2.7.3 |
||
puppet puppet 2.7.17 |
||
puppet puppet 2.7.13 |
||
puppet puppet 2.7.8 |
||
puppet puppet 2.7.9 |
||
puppet puppet 2.7.11 |
||
puppet puppet 2.7.18 |
||
puppetlabs puppet 2.7.0 |
||
puppet puppet 2.7.7 |
||
puppet puppet 2.7.5 |
||
puppet puppet 2.7.6 |
||
puppet puppet 2.7.2 |
||
puppetlabs puppet 2.7.1 |
||
puppet puppet 2.7.12 |
||
puppet puppet 2.7.10 |
||
puppet puppet enterprise 3.1.0 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |