Debian Puppet-Module-Puppetlabs-Apache vulnerabilities
2 known vulnerabilities affecting debian/puppet-module-puppetlabs-apache.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1LOW1
Vulnerabilities
Page 1 of 1
CVE-2018-6508P3LOWCVSS 8.0fixed in puppet-module-puppetlabs-apache 3.0.0-1 (bookworm)2018
CVE-2018-6508 [HIGH] CVE-2018-6508: puppet-module-puppetlabs-apache - Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote executio...
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
Scope: local
bookworm: resolved (
debian
CVE-2017-2299P3HIGHCVSS 7.5fixed in puppet-module-puppetlabs-apache 3.0.0-1 (bookworm)2017
CVE-2017-2299 [HIGH] CVE-2017-2299: puppet-module-puppetlabs-apache - Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very ...
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authoritie
debian