CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-2297
https://notcve.org/view.php?id=CVE-2017-2297
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. Puppet Enterprise en versiones anteriores a la 2016.4.5 y 2017.2.1 no autenticaba correctamente los usuarios antes de devolver los tokens de acceso RBAC etiquetados. Este problema se ha solucionado en Puppet Enterprise 2016.4.5 y 2017.2.1. • https://puppet.com/security/cve/cve-2017-2297 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4100
https://notcve.org/view.php?id=CVE-2015-4100
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." Puppet Enterprise 3.7.x y 3.8.0 podría permitir que los usuarios autenticados remotos gestionen certificados para nodos arbitrarios utilizando un certificado de cliente considerado como fiable por el maestro. Esta vulnerabilidad también se conoce como "Certificate Authority Reverse Proxy Vulnerability". • https://puppet.com/security/cve/CVE-2015-4100 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6502
https://notcve.org/view.php?id=CVE-2015-6502
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. Vulnerabilidad Cross-Site Scripting (XSS) en la consola en Puppet Enterprise en versiones anteriores a la 2015.2.1 permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro string. Esto se relaciona con Login Redirect. • https://puppet.com/security/cve/CVE-2015-6502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8470
https://notcve.org/view.php?id=CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. La consola en Puppet Enterprise 3.7.x, 3.8.x y 2015.2.x no establece la marca secure para la cookie JSESSIONID en una sesión HTTPS. Esto facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP. • https://puppet.com/security/cve/CVE-2015-8470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 8CVE-2017-7529 – nginx: Integer overflow in nginx range filter module leading to memory disclosure
https://notcve.org/view.php?id=CVE-2017-7529
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada. A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. • https://github.com/liusec/CVE-2017-7529 https://github.com/MaxSecurity/CVE-2017-7529-POC https://github.com/Shehzadcyber/CVE-2017-7529 https://github.com/SirEagIe/CVE-2017-7529 https://github.com/cyberk1w1/CVE-2017-7529 https://github.com/cyberharsh/nginx-CVE-2017-7529 https://github.com/coolman6942o/-Exploit-CVE-2017-7529 https://github.com/fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html http: • CWE-190: Integer Overflow or Wraparound •