Lucene search

PRIOn knowledge basePRION:CVE-2013-6398

HistoryJan 15, 2014 - 4:08 p.m.

Cross site request forgery (csrf)

2014-01-1516:08:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

2.8 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

CPENameOperatorVersion
cloudstackeq2.2.7
cloudstackeq2.1.6
cloudstackeq2.2.14
cloudstackeq2.2.0
cloudstackeq2.2.12
cloudstackeq2.2.6
cloudstackeq2.2.9
cloudstackeq4.1.1
cloudstackeq2.1.8
cloudstackeq2.1.2

Name	Operator	Version
cloudstack	eq	2.2.7
cloudstack	eq	2.1.6
cloudstack	eq	2.2.14
cloudstack	eq	2.2.0
cloudstack	eq	2.2.12
cloudstack	eq	2.2.6
cloudstack	eq	2.2.9
cloudstack	eq	4.1.1
cloudstack	eq	2.1.8
cloudstack	eq	2.1.2

Rows per page:

1-10 of 351

References

secunia.com/advisories/55960

secunia.com/advisories/60284

support.citrix.com/article/CTX140989

www.securityfocus.com/bid/69432

www.securitytracker.com/id/1030762

blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual

issues.apache.org/jira/browse/CLOUDSTACK-5263

7.1 High

AI Score

Confidence

Low

2.8 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for PRION:CVE-2013-6398