Back to search
CVE-2017-2299
Published: Sep 15, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
| Vendor | Product | Versions |
|---|---|---|
Puppet | puppetlabs-apache | affected prior to 1.11.1 and 2.1.0 |
References
100859
vdb-entry
x_refsource_BID
https://puppet.com/security/cve/CVE-2017-2299
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now