Lucene search
MitreCVE-2011-3848HistoryOct 27, 2011 - 8:55 p.m.
CVE-2011-3848
2011-10-2720:55:01
CWE-22
mitre
web.nvd.nist.gov
50
cve-2011-3848
puppet
directory traversal
vulnerability
x.509
csr
remote attackers
security
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.006
Percentile
78.1%
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
Affected configurations
Node
puppetpuppetMatch2.6.0
ORpuppetpuppetMatch2.6.1
ORpuppetpuppetMatch2.6.2
ORpuppetpuppetMatch2.6.3
ORpuppetpuppetMatch2.6.4
ORpuppetpuppetMatch2.6.5
ORpuppetpuppetMatch2.6.6
ORpuppetpuppetMatch2.6.7
ORpuppetpuppetMatch2.6.8
ORpuppetpuppetMatch2.6.9
ORpuppetpuppetMatch2.7.2
ORpuppetpuppetMatch2.7.3
ORpuppetlabspuppetMatch2.7.0
ORpuppetlabspuppetMatch2.7.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| puppet | puppet | 2.6.0 | cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.1 | cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.2 | cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.3 | cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.4 | cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.5 | cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.6 | cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.7 | cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.8 | cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:* |
| puppet | puppet | 2.6.9 | cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:* |
Related
openvas
openvas
Ubuntu Update for puppet USN-1217-1
2011-09-30 00:00:00
Ubuntu: Security Advisory (USN-1217-1)
2011-09-30 00:00:00
Fedora Update for puppet FEDORA-2011-13636
2011-10-18 00:00:00
nessus
nessus
openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)
2014-06-13 00:00:00
openSUSE Security Update : puppet (openSUSE-SU-2011:1190-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerability (USN-1217-1)
2011-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2011-3848
2011-09-28 00:00:00
debiancve
debiancve
CVE-2011-3848
2011-10-27 20:55:01
prion
prion
Directory traversal
2011-10-27 20:55:00
ubuntu
ubuntu
Puppet vulnerability
2011-09-29 00:00:00
debian
debian
[BSA-050] Security Update for puppet
2011-09-30 15:12:16
[BSA-051] Security update for puppet
2011-10-03 14:58:37
[SECURITY] [DSA 2314-1] puppet security update
2011-10-03 17:13:49
cvelist
cvelist
CVE-2011-3848
2011-10-27 20:00:00
nvd
nvd
CVE-2011-3848
2011-10-27 20:55:01
fedora
fedora
[SECURITY] Fedora 14 Update: puppet-2.6.6-3.fc14
2011-10-15 20:28:07
[SECURITY] Fedora 15 Update: puppet-2.6.6-3.fc15
2011-10-15 20:25:52
[SECURITY] Fedora 15 Update: puppet-2.6.12-1.fc15
2011-11-19 06:01:24
osv
osv
puppet - several
2011-10-03 00:00:00
gentoo
gentoo
Puppet: Multiple vulnerabilities
2012-03-06 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.6
Confidence
Low
EPSS
0.006
Percentile
78.1%
Related for CVE-2011-3848