{"containers": {"cna": {"affected": [{"product": "puppetlabs-apache", "vendor": "Puppet", "versions": [{"status": "affected", "version": "prior to 1.11.1 and 2.1.0"}]}], "datePublic": "2017-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD."}], "problemTypes": [{"descriptions": [{"description": "Unsafe defaults affecting access controls", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-19T09:57:01", "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "puppet"}, "references": [{"name": "100859", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100859"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/CVE-2017-2299"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@puppet.com", "DATE_PUBLIC": "2017-09-14T00:00:00", "ID": "CVE-2017-2299", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "puppetlabs-apache", "version": {"version_data": [{"version_value": "prior to 1.11.1 and 2.1.0"}]}}]}, "vendor_name": "Puppet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unsafe defaults affecting access controls"}]}]}, "references": {"reference_data": [{"name": "100859", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100859"}, {"name": "https://puppet.com/security/cve/CVE-2017-2299", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/CVE-2017-2299"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:48:05.314Z"}, "title": "CVE Program Container", "references": [{"name": "100859", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100859"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/CVE-2017-2299"}]}]}, "cveMetadata": {"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "assignerShortName": "puppet", "cveId": "CVE-2017-2299", "datePublished": "2017-09-15T18:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T18:59:14.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.0.4:*:*:*:*:puppet:*:*", "matchCriteriaId": "7D70DDE7-AFD8-4E96-B124-D8C74A713D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.4.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "C3246101-B815-433E-8818-69DDCBF231DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.6.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "96DC25A5-20DA-4AAB-AFE8-E0F8860410CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.7.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "024EAA12-121C-4C5D-AEA0-1006A9EEC1C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.8.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "2D2DA386-58F8-42FF-AB23-87260D459CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.8.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "0179AF2F-6F74-4A78-978D-12A981792F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.9.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "D964B3B4-497E-45EF-802A-79ACEB7872C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.10.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "52A890BA-C4EA-4F72-9937-66F96C3B8480", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:0.11.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "D2BA6D0F-E9D5-4769-994C-BDA113D4B1A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.0.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "E2429B70-9CDE-430C-9324-01EE6928299F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.0.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "7CBA3B25-D5A3-424C-B69A-6CCCF10F395F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.1.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "2C73644F-80EF-40FD-BE15-3ACB9DC829CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.1.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "C414F85A-5D3A-46A1-994F-2BE4C1210640", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.2.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "6F26D4FE-B16F-4619-AD16-043CF29EADBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.3.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "C606B26F-9844-4F3C-ACAB-EEB518A2D76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.4.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "14EBC0AA-06E2-49C1-AE46-CB5F672B5A1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.4.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "3010C01A-82B8-444B-801D-A8D515D6EC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.5.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "59EAC010-B84C-4ED6-AEC7-CD70D89AC859", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.6.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "8EF8205F-4624-4CEF-8935-3C868FC9FFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.7.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "0FB55AE5-E67D-4697-A139-4425D5E953DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.7.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "BA3DD4BB-F2BE-4134-A7C3-C5F649BB5374", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.8.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "693B5119-047D-4EFB-9FA3-D1CC96A8445D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.8.1:*:*:*:*:puppet:*:*", "matchCriteriaId": "8ED815B1-53DF-407C-8FA2-D1002B3040E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.10.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "097F64B5-6019-4AE0-8F7E-F986E30619DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:1.11.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "A40BABAF-51B6-4B45-9E5F-F2BC14BB4D16", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetlabs-apache:2.0.0:*:*:*:*:puppet:*:*", "matchCriteriaId": "34E0E71D-3CD8-473C-9B31-98049634B43B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD."}, {"lang": "es", "value": "Las versiones del m\u00f3dulo puppetlabs-apache anteriores a 1.11.1 y 2.1.0 hacen que sea muy sencillo configurar de forma incorrecta las relaciones de confianza para TLS Si se especifica el par\u00e1metro `ssl_ca` pero no se especifica el par\u00e1metro `ssl_certs_dir`, se proporcionar\u00e1 uno por defecto para `ssl_certs_dir` que confiar\u00e1 en certificados de cualquiera de las autoridades certificadoras de confianza del sistema. Esto no afecta a FreeBSD."}], "id": "CVE-2017-2299", "lastModified": "2024-11-21T03:23:14.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-15T18:29:00.260", "references": [{"source": "security@puppet.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100859"}, {"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2017-2299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2017-2299"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "puppet-apache: Possible TLS trust misconfiguration in puppetlabs-apache", "id": "1491601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491601"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD."], "name": "CVE-2017-2299", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "puppet-apache", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "puppet-apache", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "puppet-apache", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat Satellite 6"}], "public_date": "2017-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2299\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2299\nhttps://puppet.com/security/cve/CVE-2017-2299"], "statement": "This issue affects Red Hat Satellite 6.1 and 6.2. Red Hat Product Security has rated this issue as having Low security impact. Red Hat Satellite 6.3 is not affected by this issue.", "threat_severity": "Low", "upstream_fix": "puppet-apache 1.11.1, puppet-apache 2.1.0"}