Overview

CVE-2014-0198 (OpenSSL vulnerability could allow denial of service attack)

  • Posted July 15, 2014

  • Assessed Risk Level: low

Due to a vulnerability in OpenSSL versions 1.0.0 and 1.0.1, if SSL_MODE_RELEASE_BUFFERS is enabled, an attacker could cause a denial of service. This affected agents running on the following operating systems: Solaris 10, Windows, and AIX.
 
CVSS v2 score: 1.9 with Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C
Status:
Affected Platforms:
Puppet Enterprise 3.2 (Solaris, Windows, AIX)
 
Resolved in:
Puppet Enterprise 3.3.0