CVE-2014-3250 (retired)

Priority
Description
The default vhost configuration file in Puppet before 3.6.2 does not
include the SSLCARevocationCheck directive, which might allow remote
attackers to obtain sensitive information via a revoked certificate when a
Puppet master runs with Apache 2.4.
Notes
sbeattietriggered under apache 2.4 only
mdeslaurlater Debian packages don't enable SSLCARevocationCheck by
default, just simply add it as a commented-out example to the
config file. We are not going to fix this in Ubuntu 14.04 LTS.
If this is required, it can simply be added to the local
configuration.
More Information

Updated: 2019-10-09 07:50:19 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)