CVE-2014-0031

Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. The issue, caused by how crafted requests allow remote authenticated users to list network ACLs for other users, can reveal ACLs not owned by the attacker. Impact is...

CVE-2013-6398

CVE-2013-6398 affects Apache CloudStack virtual routers prior to 4.2.1. After a restart, firewall rules’ source restrictions were not preserved, allowing a remote attacker to bypass restrictions and access network resources. Public sources in connected documents (NVD entry and security advisories...