CVE-2012-1987Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2012-1987 | First vendor Publication | 2012-05-29 |
| Vendor | Cve | Last vendor Modification | 2012-07-21 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 3.5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentification | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987 |
CPE : Common Platform Enumeration
Internal Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 22:37:57 |
|
(Medium)
