Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet和Puppet Enterprise 拒绝服务漏洞
Vulnerability Description
Puppet 2.6.15之前的2.6.x版本与2.7.13之前的2.7.x版本,Puppet Enterprise (PE) Users 1.0版本、1.1版本、1.2.x版本、2.0.x版本和2.5.1之前的2.5.x版本中存在未明漏洞。代理SSL密钥的远程认证用户可利用该漏洞(1)借助触发线程块流的REST请求导致拒绝服务(内存消耗),已被使用CVE-2012-1986与/dev/random证实,或者(2)借助使用“Puppet::FileBucket::File对象的封装形式”重写到任意文件位置
CVSS Information
N/A
Vulnerability Type
N/A