Synopsis
A web application on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities :
- An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164)
- An error exists related to the included RubyGems version and 'gem build', 'Gem::Package', and 'Gem::PackageTask' API calls that could allow denial of service attacks. (CVE-2013-4363)
- An error exists in the 'i18n' gem for Ruby that could allow cross-site scripting attacks. (CVE-2013-4491)
- An error exists related to handling temporary files that could allow a local attacker to overwrite files by using a symlink attack. (CVE-2013-4969)
- An error exists related to the included Ruby on Rails, 'Action View', and handling certain headers that could allow denial of service attacks. (CVE-2013-6414)
- An input validation error exists related to the included Ruby on Rails and the 'unit' parameter in the 'number_to_currency' helper that could allow cross-site scripting attacks. (CVE-2013-6415)
- An input validation error exists related to the included Ruby on Rails, JSON parameter parsing and SQL queries that could allow SQL injection attacks.
(CVE-2013-6417)
Solution
Upgrade to Puppet Enterprise 3.1.1 or later.
Plugin Details
File Name: puppet_enterprise_311.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:puppetlabs:puppet
Required KB Items: puppet/rest_port
Exploit Ease: No exploit is required
Patch Publication Date: 3/12/2013
Vulnerability Publication Date: 9/9/2013
Reference Information
CVE: CVE-2013-4164, CVE-2013-4363, CVE-2013-4491, CVE-2013-4969, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417
BID: 62442, 63873, 64074, 64076, 64077, 64106, 64552
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990