[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04500238 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04500238 Version: 1 HPSBMU03190 rev....

Code injection

The Application Lifecycle Service ALS in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

CVE-2014-7878

The Application Lifecycle Service ALS in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

CVE-2014-7878

The CVE-2014-7878 issue affects HP Helion Cloud Development Platform 1.0: the Application Lifecycle Service (ALS) Seed Node image contains identical security keys across different customer installations, enabling a remote attacker with a VM derived from the Seed Node image to connect to other VMs...