CVE

CVE-2011-3848

Date: (C)2011-10-27   (M)2015-12-16
 
CVSS Score: 5.0
Exploitability Subscore: 10.0
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write an X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, or (2) the CN in the Subject of a CSR in 2.6 and 0.25.

Reference:
SECUNIA-46628
DSA-2314
USN-1217-1
https://groups.google.com/group/puppet-announce/browse_thread/thread/e57ce2740feb9406
openSUSE-SU-2011:1190

CPE    14
cpe:/a:puppetlabs:puppet:2.6.2
cpe:/a:puppetlabs:puppet:2.7.1
cpe:/a:puppetlabs:puppet:2.6.3
cpe:/a:puppetlabs:puppet:2.7.2
...
CWE    1
CWE-22
OVAL    5
oval:org.secpod.oval:def:103004
oval:org.secpod.oval:def:103133
oval:org.secpod.oval:def:600679
oval:org.secpod.oval:def:103708
...

© 2013 SecPod Technologies