3.5

CVSS Score

Basic Information

CVE ID

CVE-2012-1987

GHSA ID

GHSA-v58w-6xc2-w799

EPSS Score

0.71858%

CWE

CWE-400

Published

5/14/2022

Updated

1/15/2024

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-1987

CVE-2012-1987:
Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

(GitHub Advisory)

3.5

CVSS Score

Basic Information

CVE ID

CVE-2012-1987

GHSA ID

GHSA-v58w-6xc2-w799

EPSS Score

0.71858%

CWE

CWE-400

Published

5/14/2022

Updated

1/15/2024

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
puppet	rubygems	>= 2.6.0, < 2.6.15	2.6.15
puppet	rubygems	>= 2.7.0, < 2.7.13	2.7.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub patch explicitly removes the 'bucket_path' parameter in the uri2indirection function (lib/puppet/network/http/api/v1.rb), which was previously passed through from user input. The commit message and tests confirm this parameter was the attack vector for arbitrary file writes. The memory consumption DoS (via /dev/random) is likely related to filebucket path handling but lacks explicit function references in the provided data. The primary vulnerable function is clearly identified by the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility in Pupp*t *.*.x ***or* *.*.** *n* *.*.x ***or* *.*.**, *n* Pupp*t *nt*rpris* (P*) Us*rs *.*, *.*, *.*.x, *.*.x, *n* *.*.x ***or* *.*.* *llows r*mot* *ut**nti**t** us*rs wit* ***nt SSL k*ys to **(*)** **us* * **ni*l o* s*rvi** (m*mory

Reasoning

T** *it*u* p*t** *xpli*itly r*mov*s t** '*u*k*t_p*t*' p*r*m*t*r in t** `uri*in*ir**tion` *un*tion (`li*/pupp*t/n*twork/*ttp/*pi/v*.r*`), w*i** w*s pr*viously p*ss** t*rou** *rom us*r input. T** *ommit m*ss*** *n* t*sts *on*irm t*is p*r*m*t*r w*s t**

3.5

Basic Information

Concerned about an active attack path?

CVE-2012-1987: Puppet Denial of Service and Arbitrary File Write

3.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2012-1987:
Puppet Denial of Service and Arbitrary File Write

Vulnerability Intelligence
Miggo AI