CVE-2017-2299

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-2299

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2299.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-2299

Related

UBUNTU-CVE-2017-2299

Published

2017-09-15T18:29:00Z

Modified

2025-04-20T03:52:00.019466Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the ssl_ca parameter but do not specify the ssl_certs_dir parameter, a default will be provided for the ssl_certs_dir that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.

References

Affected packages

Debian:11 / puppet-module-puppetlabs-apache

Package

Name: puppet-module-puppetlabs-apache
Purl: pkg:deb/debian/puppet-module-puppetlabs-apache?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / puppet-module-puppetlabs-apache

Package

Name: puppet-module-puppetlabs-apache
Purl: pkg:deb/debian/puppet-module-puppetlabs-apache?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / puppet-module-puppetlabs-apache

Package

Name: puppet-module-puppetlabs-apache
Purl: pkg:deb/debian/puppet-module-puppetlabs-apache?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppetlabs-apache

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppetlabs-apache
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

173967ab8dd21a93d6f2b47ff2641d0092f729b1

Last affected

185ec051db623d47c0cd4bce4afffa29aa1b18d2

Last affected

1f1cffcff00fde938033323757a00fdee1d134bd

Last affected

212e09d383c7382aa269e8c00e5c20c1c3808b2d

Last affected

2ab694619b08650e36f9ae2eaeb8c03769307c37

Last affected

349d4f910c58b08da452f7d08e6e7e6d79c238e9

Last affected

34d5a2aacc7a085463284acdbe9ce676332fa6b6

Last affected

39a6e2ee1f6059225729a78bbb57e2200ab78caa

Last affected

3d5bb6375d10cf55b2090bab81dd3f35cfcff7a2

Last affected

410309f5facd0df7d836ea66c27ca9514031b6e3

Last affected

5a45cf170c3b9abb44cf4a9adade2752e2159b7f

Last affected

66d5ce9aef8ef6c589a36323bba2879dd0d66fd1

Last affected

7aff8652358180309ef6964fbb406b5e71e9949c

Last affected

83401079053dca11d61945bd9beef9ecf7576cbf

Last affected

883ca3a226233563fcaf4f17bd1afe22eb1715b0

Last affected

91bed86590382beb85707025fb7570284a5965a1

Last affected

97b5594ffd3b7fec169f807d3dee07cb094982a5

Last affected

ac4673aa6f43c456ec21d8f773cdf8127eab7ed4

Last affected

b18fad908fe7cb8fbc6604fde1962c85540095f4

Last affected

bd328556a533e046b3c32cbc7751b768d18af512

Last affected

ce48f577e38baed14d348c6a6ed71a6cd54398ea

Last affected

d00631cd8339b5f0e171c9351a26a0cb6014476c

Last affected

d76699aa0be710f2063a9172cf32536a547888f9

Last affected

e4ec6d4985fdb23e26c809e0d5786823d0689f90

Last affected

f7946501ddb68e0057b5dc3272657bea891639e5

Last affected

fcc73608e0daa8b3856488c0f7ef29b715b49ef2

Affected versions

0.*

0.0.4

0.1.0

0.1.1

0.1.2

0.10.0

0.11.0

0.2.0

0.2.1

0.2.2

0.3.0

0.4.0

0.5.0-rc1

0.6.0

0.7.0

0.8.0

0.8.1

0.9.0

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.2.0