CVE-2015-7519 - Header Overwriting Passenger Vulnerability
Posted February 9, 2016
Assessed Risk Level: Medium
On December 7, 2015 the Passenger project announced CVE-2015-7519 addressing header overwriting.
Default deployments in of the Puppet Enterprise console prior to 3.8.4 use a vulnerable version of passenger. The version of passenger shipping with Puppet Enterprise 3.8.4 has been updated to address this vulnerability.
For more information about the vulnerability, please refer to the Passenger security announcement.
Affected Software Versions:
- Puppet Enterprise 3.x prior to 3.8.4
- Puppet Enterprise 3.8.4