CVE-2014-3250
published 2017-12-11CVE-2014-3250: The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain…
medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | < puppet 3.7.0-1 (bullseye) | puppet 3.7.0-1 (bullseye) |
| puppet | puppet | < 3.6.2 | 3.6.2 |
| puppet | puppet | >= 0 < 3.7.0-1 | 3.7.0-1 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM