Unrated severityNVD Advisory· Published Aug 20, 2013· Updated Jun 16, 2026
CVE-2013-4961
CVE-2013-4961
Description
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
Affected products
8cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.0.0
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*
- (no CPE)range: <3.0.1
Patches
Vulnerability mechanics
References
1- puppetlabs.com/security/cve/cve-2013-4961/nvdVendor Advisory
News mentions
0No linked articles in our index yet.