V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2014-3250
DEB
Medium

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote a…

CVSS
6.5
Medium
EPSS
0.01
p54
Published
2014-01-01
Updated
2014-01-01
Description

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

Tags · CWE
CWE-295
CAPEC-459
CAPEC-475
Affected products
Linux
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Timeline
2014-01-01
Published
2014-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.009 · p54
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
linux_distro*Tracked
puppet*Tracked
Source databases
DEB
CVE
UBU