This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
A web application on the remote host has multiple vulnerabilities.

According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.0.1. As a result, it reportedly has multiple vulnerabilities:
- An error exists related to the included Ruby SSL client that could allow man-in-the-middle attacks.
- An error exists related to the 'resource_type' service that could allow a local attacker to cause arbitrary Ruby files to be executed. (CVE-2013-4761)
- Multiple session vulnerabilities exist that could allow an attacker to hijack an arbitrary session and gain unauthorized access. (CVE-2013-4762, CVE-2013-4964)
- An error exists related to 'Puppet Module Tool' (PMT) and improper permissions. (CVE-2013-4956)
- Multiple security bypass vulnerabilities exist that could allow an attacker to gain unauthorized access and perform sensitive transactions. (CVE-2013-4958,
- Multiple information disclosure vulnerabilities exist that could allow an attacker to access sensitive information such as server software versions, MAC addresses, SSH keys, and database passwords. (CVE-2013-4959, CVE-2013-4961, CVE-2013-4967)
- An open-redirection vulnerability exists that could allow an attacker to attempt a phishing attack.
- Clickjacking and cross-site-scripting vulnerabilities exist that could allow an attacker to trick users into sending them sensitive information such as passwords.
- A cross-site request forgery vulnerability exists that could allow an attacker to manipulate a logged-in user's browser to perform sensitive transactions on the user's
See also :
Solution :
Upgrade to Puppet Enterprise 3.0.1 or later.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.7
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 70663