CVE-2012-1987
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Denial of Service via REST Requests
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
References (19)
Core References
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/15087408
Third Party Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
Broken Link, Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2012-1987/
Broken Link, Vendor Advisory x_refsource_misc
http://projects.puppetlabs.com/issues/13552
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1419-1
Broken Link vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/14523305
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48743
Broken Link, Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/
Broken Link x_refsource_confirm
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
Broken Link vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
Broken Link vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49136
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81308
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52975
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48748
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2451
Broken Link, Vendor Advisory x_refsource_misc
http://projects.puppetlabs.com/issues/13553
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48789
Scores
EPSS
0.0076
EPSS Percentile
73.6%
Details
Status
published
Products (3)
puppet/puppet
2.6.0 - 2.6.15
puppet/puppet_enterprise
1.0 - 2.5.1
rubygems/puppet
2.6.0 - 2.6.15 (RubyGems)
Published
May 29, 2012
Tracked Since
Feb 18, 2026