CVE-2013-4961

Puppet Enterprise <3.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2013-4961/

Scores

EPSS 0.0180
EPSS Percentile 75.9%

Details

CWE
CWE-200
Status published
Products (7)
puppet/puppet_enterprise 2.5.1
puppet/puppet_enterprise 2.5.2
puppet/puppet_enterprise 2.8.0
puppet/puppet_enterprise 2.8.1
puppet/puppet_enterprise 2.8.2
puppet/puppet_enterprise 2.8.3
puppet/puppet_enterprise < 3.0.0
Published Aug 20, 2013
Tracked Since Feb 18, 2026