CVE-2013-1654
Summary
| CVE | CVE-2013-1654 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-03-20 16:55:00 UTC |
| Updated | 2019-07-10 17:47:00 UTC |
| Description | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | - | lts | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.12 | All | All | All |
| Application | Puppet | Puppet | 2.7.13 | All | All | All |
| Application | Puppet | Puppet | 2.7.14 | All | All | All |
| Application | Puppet | Puppet | 2.7.16 | All | All | All |
| Application | Puppet | Puppet | 2.7.17 | All | All | All |
| Application | Puppet | Puppet | 2.7.18 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet | 2.7.10 | All | All | All |
| Application | Puppet | Puppet | 2.7.11 | All | All | All |
| Application | Puppet | Puppet | 2.7.12 | All | All | All |
| Application | Puppet | Puppet | 2.7.13 | All | All | All |
| Application | Puppet | Puppet | 2.7.14 | All | All | All |
| Application | Puppet | Puppet | 2.7.16 | All | All | All |
| Application | Puppet | Puppet | 2.7.17 | All | All | All |
| Application | Puppet | Puppet | 2.7.18 | All | All | All |
| Application | Puppet | Puppet | 2.7.2 | All | All | All |
| Application | Puppet | Puppet | 2.7.3 | All | All | All |
| Application | Puppet | Puppet | 2.7.4 | All | All | All |
| Application | Puppet | Puppet | 2.7.5 | All | All | All |
| Application | Puppet | Puppet | 2.7.6 | All | All | All |
| Application | Puppet | Puppet | 2.7.7 | All | All | All |
| Application | Puppet | Puppet | 2.7.8 | All | All | All |
| Application | Puppet | Puppet | 2.7.9 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.0 | All | All | All |
| Application | Puppet | Puppet Enterprise | 3.1.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | - | enterprise | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | - | enterprise | All |
| Application | Puppetlabs | Puppet | 2.7.19 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | rc1 | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.0 | - | enterprise | All |
| Application | Puppetlabs | Puppet | 2.7.1 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.1 | - | enterprise | All |
| Application | Puppetlabs | Puppet | 2.7.19 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | All | All | All |
| Application | Puppetlabs | Puppet | 2.7.20 | rc1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-2643-1 puppet | DEBIAN | www.debian.org | |
| [security-announce] SUSE-SU-2013:0618-1: important: Security update for | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| USN-1759-1: Puppet vulnerabilities | Ubuntu | UBUNTU | ubuntu.com | |
| RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities | BID | www.securityfocus.com | |
| Security Advisory SA52596 - Puppet Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CVE-2013-1654 | Puppet Labs | CONFIRM | puppetlabs.com | Vendor Advisory |
| openSUSE-SU-2013:0641-1: moderate: puppet: security fixes | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.