Vulnerability details: VCID-h88b-abes-3bgr
Vulnerability ID VCID-h88b-abes-3bgr
Aliases CVE-2012-1987
GHSA-v58w-6xc2-w799
Summary Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2012-1987
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
cvssv3.1_qr LOW https://github.com/advisories/GHSA-v58w-6xc2-w799
generic_textual LOW https://github.com/advisories/GHSA-v58w-6xc2-w799
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
generic_textual LOW https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
generic_textual LOW https://hermes.opensuse.org/messages/14523305
generic_textual LOW https://hermes.opensuse.org/messages/15087408
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-1987
generic_textual LOW https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual LOW https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
generic_textual LOW https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
generic_textual LOW https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual LOW https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
generic_textual LOW http://ubuntu.com/usn/usn-1419-1
generic_textual LOW http://www.debian.org/security/2012/dsa-2451
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
https://hermes.opensuse.org/messages/14523305
https://hermes.opensuse.org/messages/15087408
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
810070 https://bugzilla.redhat.com/show_bug.cgi?id=810070
CVE-2012-1987 https://nvd.nist.gov/vuln/detail/CVE-2012-1987
CVE-2012-1987 https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
GHSA-v58w-6xc2-w799 https://github.com/advisories/GHSA-v58w-6xc2-w799
GLSA-201208-02 https://security.gentoo.org/glsa/201208-02
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1419-1 https://usn.ubuntu.com/1419-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.73351
EPSS Score 0.00763
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:38.835560+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/puppet/CVE-2012-1987.yml 38.0.0