Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-1654

Published: 20/03/2013 Updated: 10/07/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Puppet

Vulnerability Summary

Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote malicious users to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

puppetlabs puppet 2.7.19

puppetlabs puppet 2.7.20

puppet puppet 2.7.16

puppet puppet 2.7.14

puppet puppet 2.7.4

puppet puppet 2.7.3

puppet puppet 2.7.17

puppet puppet 2.7.13

puppet puppet 2.7.8

puppet puppet 2.7.9

puppet puppet 2.7.11

puppet puppet 2.7.18

puppetlabs puppet 2.7.0

puppet puppet 2.7.7

puppet puppet 2.7.5

puppet puppet 2.7.6

puppet puppet 2.7.2

puppetlabs puppet 2.7.1

puppet puppet 2.7.12

puppet puppet 2.7.10

puppet puppet enterprise 3.1.0

canonical ubuntu linux 11.10

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Red Hat: Important: puppet security update
Synopsis Important: puppet security update Type/Severity Security Advisory: Important Topic Updated puppet packages that fix several security issues are now availablefor Red Hat OpenStack FolsomThe Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability ...
Ubuntu Security Notice: puppet vulnerabilities
Several security issues were fixed in Puppet ...
Debian Security Advisories: DSA-2643-1 puppet -- several vulnerabilities
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code The puppet master must be made to invoke the template or inline_template functions ...

References

NVD-CWE-noinfohttp://www.debian.org/security/2013/dsa-2643https://puppetlabs.com/security/cve/cve-2013-1654/http://ubuntu.com/usn/usn-1759-1http://secunia.com/advisories/52596http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0710.htmlhttp://www.securityfocus.com/bid/64758https://access.redhat.com/errata/RHSA-2013:0710https://usn.ubuntu.com/1759-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook