Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Puppet Subscribe
Filtered by product Puppetlabs-apache
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2299 1 Puppet 1 Puppetlabs-apache 2019-10-02 5.0 MEDIUM 7.5 HIGH
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.