High severity7.1NVD Advisory· Published Apr 24, 2018· Updated Jun 17, 2026

CVE-2016-9599

Description

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Puppet Tripleo/puppet-tripleollm-create
Range: <5.5.0, <6.2.0
Red Hat/puppet-tripleollm-fuzzy
Range: <5.5.0, <6.2.0
unspecified/puppet-tripleov5
Range: puppet-tripleo 5.5.0

Patches

Vulnerability mechanics

References

rhn.redhat.com/errata/RHSA-2017-0025.htmlnvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000