CVE-2013-4961 (Software Version Numbers Were Revealed)
Posted August 15, 2013
Assessed Risk Level: Low
The Apache and Phusion Passenger software versions used for the application are revealed by the web server in the HTTP response headers.
Displaying version information could allow an attacker to determine which vulnerabilities are present, particularly in cases involving an outdated software version with published vulnerabilities.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.