CVE-2012-1987: Uncontrolled Resource Consumption in Puppet

Severity: 3.5 LOW (NVD); CNA 2.1, GHSA 2.1, OSV 2.1
EPSS: 0.8% (top 26.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 29
Latest update: May 14

Description

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a P

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 6.8 | Impact: 2.9

Affected Packages (4 packages)

NVD | puppet/puppet_enterprise | 1.0 | 2.5.1
NVD | puppet/puppet | 2.6.0 | 2.6.15 (+1)
RubyGems | puppet/puppet | 2.6.0 | 2.6.15 (+1)
Debian | puppet/puppet | < 2.7.13-1

🔴 Vulnerability Details (4)

OSV: Puppet Denial of Service and Arbitrary File Write (2022-05-14)
GHSA: Puppet Denial of Service and Arbitrary File Write (2022-05-14)
OSV: CVE-2012-1987: Unspecified vulnerability in Puppet 2 (2012-05-29)
CVEList: CVE-2012-1987: Unspecified vulnerability in Puppet 2 (2012-05-29)

📋 Vendor Advisories (3)

Ubuntu: Puppet vulnerabilities (2012-04-11)
Red Hat: puppet: Filebucket denial of service (2012-04-10)
Debian: CVE-2012-1987: puppet - Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13,... (2012)

💬 Community (3)

Bugzilla: CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 puppet various flaws [epel-all] (2012-04-16)
Bugzilla: CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 puppet various flaws [fedora-all] (2012-04-16)
Bugzilla: CVE-2012-1987 puppet: Filebucket denial of service (2012-04-05)