CVE-2013-4961 (Software Version Numbers Were Revealed)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

The Apache and Phusion Passenger software versions used for the application are revealed by the web server in the HTTP response headers.

Displaying version information could allow an attacker to determine which vulnerabilities are present, particularly in cases involving an outdated software version with published vulnerabilities.


  • Affected Versions: Puppet Enterprise 2.x, 3.0.0
  • Resolved in Puppet Enterprise 3.0.1.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.