- Home
- CVEs with nessus.description==According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities :
- An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)
- An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.
This permits simplified man-in-the-middle attacks to be done. (CVE-2014-0224)
- The MCollective 'aes_security' plugin does not properly validate new server certificates. This allows a local attacker to spoof a valid MCollective connection. Note that this plugin is not enabled by default.
(CVE-2014-3251)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top