CVE-2017-2299

Published Sep 15, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
Source: security@puppet.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.0.4:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D70DDE7-AFD8-4E96-B124-D8C74A713D24"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.4.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3246101-B815-433E-8818-69DDCBF231DB"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.6.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DC25A5-20DA-4AAB-AFE8-E0F8860410CB"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.7.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "024EAA12-121C-4C5D-AEA0-1006A9EEC1C0"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.8.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D2DA386-58F8-42FF-AB23-87260D459CAE"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.8.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0179AF2F-6F74-4A78-978D-12A981792F71"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.9.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D964B3B4-497E-45EF-802A-79ACEB7872C1"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.10.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52A890BA-C4EA-4F72-9937-66F96C3B8480"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.11.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2BA6D0F-E9D5-4769-994C-BDA113D4B1A2"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.0.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2429B70-9CDE-430C-9324-01EE6928299F"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.0.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBA3B25-D5A3-424C-B69A-6CCCF10F395F"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.1.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C73644F-80EF-40FD-BE15-3ACB9DC829CE"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.1.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C414F85A-5D3A-46A1-994F-2BE4C1210640"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.2.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F26D4FE-B16F-4619-AD16-043CF29EADBE"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.3.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C606B26F-9844-4F3C-ACAB-EEB518A2D76B"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.4.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14EBC0AA-06E2-49C1-AE46-CB5F672B5A1C"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.4.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3010C01A-82B8-444B-801D-A8D515D6EC21"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.5.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59EAC010-B84C-4ED6-AEC7-CD70D89AC859"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.6.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EF8205F-4624-4CEF-8935-3C868FC9FFBB"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.7.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FB55AE5-E67D-4697-A139-4425D5E953DF"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.7.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA3DD4BB-F2BE-4134-A7C3-C5F649BB5374"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.8.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "693B5119-047D-4EFB-9FA3-D1CC96A8445D"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.8.1:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED815B1-53DF-407C-8FA2-D1002B3040E6"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.10.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "097F64B5-6019-4AE0-8F7E-F986E30619DE"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.11.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A40BABAF-51B6-4B45-9E5F-F2BC14BB4D16"
          },
          {
            "criteria": "cpe:2.3:a:puppet:puppetlabs-apache:2.0.0:*:*:*:*:puppet:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34E0E71D-3CD8-473C-9B31-98049634B43B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References