Versions of the puppetlabs-apache module before 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppetlabs-apache 1.4.1 |
||
puppet puppetlabs-apache 1.4.0 |
||
puppet puppetlabs-apache 1.3.0 |
||
puppet puppetlabs-apache 1.2.0 |
||
puppet puppetlabs-apache 0.0.4 |
||
puppet puppetlabs-apache 1.7.0 |
||
puppet puppetlabs-apache 1.5.0 |
||
puppet puppetlabs-apache 1.1.1 |
||
puppet puppetlabs-apache 1.0.1 |
||
puppet puppetlabs-apache 0.7.0 |
||
puppet puppetlabs-apache 0.4.0 |
||
puppet puppetlabs-apache 2.0.0 |
||
puppet puppetlabs-apache 1.11.0 |
||
puppet puppetlabs-apache 1.10.0 |
||
puppet puppetlabs-apache 1.8.1 |
||
puppet puppetlabs-apache 1.8.0 |
||
puppet puppetlabs-apache 0.11.0 |
||
puppet puppetlabs-apache 0.10.0 |
||
puppet puppetlabs-apache 0.9.0 |
||
puppet puppetlabs-apache 0.8.1 |
||
puppet puppetlabs-apache 1.7.1 |
||
puppet puppetlabs-apache 1.6.0 |
||
puppet puppetlabs-apache 1.1.0 |
||
puppet puppetlabs-apache 1.0.0 |
||
puppet puppetlabs-apache 0.8.0 |
||
puppet puppetlabs-apache 0.6.0 |