CVE-2017-2299
15.09.2017, 18:29
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.Enginsight
| Vendor | Product | Version |
|---|---|---|
| puppet | puppetlabs-apache | 0.0.4 |
| puppet | puppetlabs-apache | 0.4.0 |
| puppet | puppetlabs-apache | 0.6.0 |
| puppet | puppetlabs-apache | 0.7.0 |
| puppet | puppetlabs-apache | 0.8.0 |
| puppet | puppetlabs-apache | 0.8.1 |
| puppet | puppetlabs-apache | 0.9.0 |
| puppet | puppetlabs-apache | 0.10.0 |
| puppet | puppetlabs-apache | 0.11.0 |
| puppet | puppetlabs-apache | 1.0.0 |
| puppet | puppetlabs-apache | 1.0.1 |
| puppet | puppetlabs-apache | 1.1.0 |
| puppet | puppetlabs-apache | 1.1.1 |
| puppet | puppetlabs-apache | 1.2.0 |
| puppet | puppetlabs-apache | 1.3.0 |
| puppet | puppetlabs-apache | 1.4.0 |
| puppet | puppetlabs-apache | 1.4.1 |
| puppet | puppetlabs-apache | 1.5.0 |
| puppet | puppetlabs-apache | 1.6.0 |
| puppet | puppetlabs-apache | 1.7.0 |
| puppet | puppetlabs-apache | 1.7.1 |
| puppet | puppetlabs-apache | 1.8.0 |
| puppet | puppetlabs-apache | 1.8.1 |
| puppet | puppetlabs-apache | 1.10.0 |
| puppet | puppetlabs-apache | 1.11.0 |
| puppet | puppetlabs-apache | 2.0.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| puppet-module-puppetlabs-apache |
|
Common Weakness Enumeration