CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
Code injection
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
Design/Logic Flaw
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2757
CVE-2013-2757 concerns Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C. The issue is that access to VNC ports on the management network is not properly restricted, allowing remote attackers to impact the system via unknown vectors. The entry documents the affected p...
CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2013-2756
CVE-2013-2756 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x before 3.0.6 Patch C, and allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorde...
CVE-2012-5616
CVE-2012-5616 affects Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform prior to 3.0.6, where sensitive data is logged in log4j.conf. This enables local users to obtain (1) SSH private keys from createSSHKeyPair, (2) host passwords from AddHost, and (3)/(4) VM passwords from DeployVM or...