- Home
- CVEs with nessus.description==According to its self-reported version number, the Puppet Enterprise
application installed on the remote host is version 2.8.x or 3.2.x. It
is, therefore, affected by multiple vulnerabilities :
- An error exists in the 'do_ssl3_write' function that
permits a NULL pointer to be dereferenced, which could
allow denial of service attacks. Note that this issue
is exploitable only if SSL_MODE_RELEASE_BUFFERS is
enabled. (CVE-2014-0198)
- An error exists in the processing of ChangeCipherSpec
messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be
done. (CVE-2014-0224)
- The MCollective 'aes_security' plugin does not properly
validate new server certificates. This allows a local
attacker to spoof a valid MCollective connection. Note
that this plugin is not enabled by default.
(CVE-2014-3251)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top