Puppet Enterprise 2015.x < 2016.4.0 Denial of Service Vulnerability
Medium Nessus Plugin ID 129756
Synopsis: A web application running on the remote host is affected by a denial of service vulnerability.
Description: According to its self-reported version number, the Puppet install running on the remote host is version 5.5.x prior to 2017.2.2. It is, therefore, affected by a denial of service (DoS) vulnerability that exists in the Puppet Communications Protocol (PCP) broker due to incorrect validation of message header sizes. An unauthenticated remote attacker can exploit this issue to crash the PCP broker and prevent commands from being sent to agents.
Solution: Upgrade to Puppet Enterprise version 2016.4.0 or later.