Description
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2013-4961/
Scores
EPSS
0.0180
EPSS Percentile
75.9%
Details
CWE
CWE-200
Status
published
Products (7)
puppet/puppet_enterprise
2.5.1
puppet/puppet_enterprise
2.5.2
puppet/puppet_enterprise
2.8.0
puppet/puppet_enterprise
2.8.1
puppet/puppet_enterprise
2.8.2
puppet/puppet_enterprise
2.8.3
puppet/puppet_enterprise
< 3.0.0
Published
Aug 20, 2013
Tracked Since
Feb 18, 2026