Main Vulnerability Database Vulnerabilities #VU42648

Information disclosure in Puppet Enterprise - CVE-2013-4961

Published: August 21, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42648

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4961

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Enterprise

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.

How to mitigate CVE-2013-4961

Install update from vendor's website.

Sources

http://puppetlabs.com/security/cve/cve-2013-4961/

Information disclosure in Puppet Enterprise - CVE-2013-4961

Detailed vulnerability description

How to mitigate CVE-2013-4961

Sources

Please verify you're human