CVE-2013-1654
published 2013-03-20CVE-2013-1654: Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and…
medium5CVSS 3.1
AVNACLAuNCNIPAN
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | puppet | < puppet 2.7.18-3 (bullseye) | puppet 2.7.18-3 (bullseye) |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | — | — |
| puppet | puppet | >= 0 < 2.7.18-3 | 2.7.18-3 |
| puppet | puppet_enterprise | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM