Overview

CVE-2015-7519 - Header Overwriting Passenger Vulnerability

  • Posted February 9, 2016

  • Assessed Risk Level: Medium

On December 7, 2015 the Passenger project announced CVE-2015-7519 addressing header overwriting.

Default deployments in of the Puppet Enterprise console prior to 3.8.4 use a vulnerable version of passenger. The version of passenger shipping with Puppet Enterprise 3.8.4 has been updated to address this vulnerability.

For more information about the vulnerability, please refer to the Passenger security announcement.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x prior to 3.8.4

Resolved in:

  • Puppet Enterprise 3.8.4