CVE-2012-1987 (GCVE-0-2012-1987)

Vulnerability from cvelistv5 – Published: 2012-05-29 20:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://puppetlabs.com/security/cve/cve-2012-1987/ x_refsource_CONFIRM
http://projects.puppetlabs.com/issues/13552 x_refsource_MISC
http://ubuntu.com/usn/usn-1419-1 vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
https://hermes.opensuse.org/messages/14523305 vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/48743 third-party-advisoryx_refsource_SECUNIA
http://puppetlabs.com/security/cve/cve-2012-1987/… x_refsource_CONFIRM
http://projects.puppetlabs.com/projects/1/wiki/Re… x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/49136 third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/81308 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/52975 vdb-entryx_refsource_BID
http://secunia.com/advisories/48748 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2451 vendor-advisoryx_refsource_DEBIAN
http://projects.puppetlabs.com/issues/13553 x_refsource_MISC
https://hermes.opensuse.org/messages/15087408 vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/48789 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:27.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "puppet-rest-dos(74795)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2012-1987/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://projects.puppetlabs.com/issues/13552"
          },
          {
            "name": "USN-1419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1419-1"
          },
          {
            "name": "FEDORA-2012-5999",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"
          },
          {
            "name": "openSUSE-SU-2012:0608",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14523305"
          },
          {
            "name": "48743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"
          },
          {
            "name": "FEDORA-2012-6055",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"
          },
          {
            "name": "FEDORA-2012-6674",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"
          },
          {
            "name": "49136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49136"
          },
          {
            "name": "81308",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81308"
          },
          {
            "name": "52975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52975"
          },
          {
            "name": "48748",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48748"
          },
          {
            "name": "DSA-2451",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2451"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://projects.puppetlabs.com/issues/13553"
          },
          {
            "name": "openSUSE-SU-2012:0835",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15087408"
          },
          {
            "name": "48789",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48789"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "puppet-rest-dos(74795)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2012-1987/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://projects.puppetlabs.com/issues/13552"
        },
        {
          "name": "USN-1419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1419-1"
        },
        {
          "name": "FEDORA-2012-5999",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"
        },
        {
          "name": "openSUSE-SU-2012:0608",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14523305"
        },
        {
          "name": "48743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"
        },
        {
          "name": "FEDORA-2012-6055",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"
        },
        {
          "name": "FEDORA-2012-6674",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"
        },
        {
          "name": "49136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49136"
        },
        {
          "name": "81308",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81308"
        },
        {
          "name": "52975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52975"
        },
        {
          "name": "48748",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48748"
        },
        {
          "name": "DSA-2451",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2451"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://projects.puppetlabs.com/issues/13553"
        },
        {
          "name": "openSUSE-SU-2012:0835",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15087408"
        },
        {
          "name": "48789",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48789"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "puppet-rest-dos(74795)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2012-1987/",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2012-1987/"
            },
            {
              "name": "http://projects.puppetlabs.com/issues/13552",
              "refsource": "MISC",
              "url": "http://projects.puppetlabs.com/issues/13552"
            },
            {
              "name": "USN-1419-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1419-1"
            },
            {
              "name": "FEDORA-2012-5999",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"
            },
            {
              "name": "openSUSE-SU-2012:0608",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14523305"
            },
            {
              "name": "48743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48743"
            },
            {
              "name": "http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/",
              "refsource": "CONFIRM",
              "url": "http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/"
            },
            {
              "name": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15",
              "refsource": "CONFIRM",
              "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"
            },
            {
              "name": "FEDORA-2012-6055",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"
            },
            {
              "name": "FEDORA-2012-6674",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"
            },
            {
              "name": "49136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49136"
            },
            {
              "name": "81308",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81308"
            },
            {
              "name": "52975",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52975"
            },
            {
              "name": "48748",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48748"
            },
            {
              "name": "DSA-2451",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2451"
            },
            {
              "name": "http://projects.puppetlabs.com/issues/13553",
              "refsource": "MISC",
              "url": "http://projects.puppetlabs.com/issues/13553"
            },
            {
              "name": "openSUSE-SU-2012:0835",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/15087408"
            },
            {
              "name": "48789",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48789"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1987",
    "datePublished": "2012-05-29T20:00:00",
    "dateReserved": "2012-04-02T00:00:00",
    "dateUpdated": "2024-08-06T19:17:27.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BEF50EE-4E4B-4641-BA34-B5024F1EF683\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CC72248-FD33-4CA0-A16E-0A174A864257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CEFB16E-261F-4B81-BCBE-536CAD2EC44B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"652D28FC-7133-4C5F-95D9-3468548465B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEEEE59D-BC0E-4107-B55D-9B182825E557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4ED400E-48F7-475B-A87C-A14EC63DD93D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D827D4C2-7438-4EDD-9025-38D46CD5153C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E73C341A-6C07-4820-B1D3-4616B634F380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61381D4C-972F-4979-84D2-793E4C60E23E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D8C2A71-0277-4426-8627-D6FD275EFC62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FB3C44C-2C6C-496C-9D2E-C43FFB493C42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD2656B0-9606-477B-BEB3-35746218BF9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848F82FB-ACCE-42C0-A208-55522A030835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0BBFAA7-BB3F-49D2-975B-01194C66D7C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"515BBBBF-7F42-490E-BF9D-B01AA3DD61C7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDDDFB28-1971-4CCD-93D2-ABC08FE67F4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"508105B4-619A-4A9D-8B2F-FE5992C1006A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26DB96A5-A57D-452F-A452-98B11F51CAE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D33AF704-FA05-4EA8-BE95-0177871A810F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"390FC5AE-4939-468C-B323-6B4E267A0F4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DE4213-E233-402E-88C2-B7FF8D7B682C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4122D8E3-24AD-4A55-9F89-C3AAD50E638D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF6D6B90-62BA-4944-A699-6D7C48AFD0A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EC6A7B3-5949-4439-994A-68DA65438F5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DB5A3CC-05AA-4192-9527-7B55FC1121F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E5192CB-094F-469E-A644-2255C4F44804\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A584D14-197E-47EB-B394-B8B211D4B502\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFF8F62F-8782-4FD2-BC14-3F9E46881F0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36A3FDB9-F599-4999-A6B9-C82C7DAF5A70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41C07E3C-4F96-4B91-8B2D-09076749FF2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BD798A-9D06-4CC2-B40B-D377EBEBA5B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCFA5742-38F2-43BD-9C90-E4F447F55684\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1389B834-FE5B-4CF7-93CC-63E919FC58CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppet:puppet_enterprise:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8A8C568-1922-4701-BA61-DF960C43A6FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1C09E3-88DB-4022-B4B4-8FEE5D9CB57B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:puppetlabs:puppet_enterprise_users:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD5ED72A-0C75-4680-8283-E0AE47780B3E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \\\"a marshaled form of a Puppet::FileBucket::File object\\\" to write to arbitrary file locations.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1  permite a usuarios remotos autenticados con el agente de claves SSL (1) provocar una denegaci\\u00f3n de servicio (consumo de memoria) a trav\\u00e9s de una petici\\u00f3n REST como se demuestra con CVE-2012-1986 and /dev/random, o (2) provocar una denegaci\\u00f3n de servicio (consumo del sistema de fichero) a trav\\u00e9s de peticiones REST manipuladas que utilizan un objeto Puppet::FileBucket::File para escribir en las ubicaciones de archivos arbitrarios.\"}]",
      "id": "CVE-2012-1987",
      "lastModified": "2024-11-21T01:38:14.523",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:N/A:P\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-05-29T20:55:07.603",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://projects.puppetlabs.com/issues/13552\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://projects.puppetlabs.com/issues/13553\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://puppetlabs.com/security/cve/cve-2012-1987/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/48743\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48748\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48789\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49136\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://ubuntu.com/usn/usn-1419-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2451\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/81308\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/52975\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hermes.opensuse.org/messages/14523305\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hermes.opensuse.org/messages/15087408\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://projects.puppetlabs.com/issues/13552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://projects.puppetlabs.com/issues/13553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://puppetlabs.com/security/cve/cve-2012-1987/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/48743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/49136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://ubuntu.com/usn/usn-1419-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2451\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/81308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/52975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hermes.opensuse.org/messages/14523305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hermes.opensuse.org/messages/15087408\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-1987\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-05-29T20:55:07.603\",\"lastModified\":\"2025-11-20T18:53:47.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \\\"a marshaled form of a Puppet::FileBucket::File object\\\" to write to arbitrary file locations.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1  permite a usuarios remotos autenticados con el agente de claves SSL (1) provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una petici\u00f3n REST como se demuestra con CVE-2012-1986 and /dev/random, o (2) provocar una denegaci\u00f3n de servicio (consumo del sistema de fichero) a trav\u00e9s de peticiones REST manipuladas que utilizan un objeto Puppet::FileBucket::File para escribir en las ubicaciones de archivos arbitrarios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.15\",\"matchCriteriaId\":\"38B82C69-873E-4529-B442-1C3C6C333124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.13\",\"matchCriteriaId\":\"DC6BE581-9580-41D0-81B0-38A7BF4B6292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"2.5.1\",\"matchCriteriaId\":\"8AB2EAC2-9ABF-477D-B036-F62EF88A6453\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/issues/13552\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/issues/13553\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://puppetlabs.com/security/cve/cve-2012-1987/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48743\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48748\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48789\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/49136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://ubuntu.com/usn/usn-1419-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2451\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/81308\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/52975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hermes.opensuse.org/messages/14523305\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/15087408\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/issues/13552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/issues/13553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://puppetlabs.com/security/cve/cve-2012-1987/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/48743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/49136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"http://ubuntu.com/usn/usn-1419-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.osvdb.org/81308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/52975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hermes.opensuse.org/messages/14523305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://hermes.opensuse.org/messages/15087408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.