VYPR
Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Jun 16, 2026

CVE-2013-4961

CVE-2013-4961

Description

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.

Affected products

8
  • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.0.0
    • cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*
    • (no CPE)range: <3.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.