📦

puppetlabs-apache

Vendor: puppet

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 0 Remote Access
Total CVEs 17 Total Indexed
Avg. EPSS 0.12% Exploit Prob.
Latest CVE CVE-2017-2299 Sep 15

Security Vulnerability Index

Page 1 / 2
7.5 CVSS
CVE-2017-2299

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.

EPSS: 0.12%