5 matches found
CVE-2013-2756
The CVE-2013-2756 issue affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) where Patch C for the respective lines allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2014-0031
Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. Crafted requests allow remote authenticated users to list network ACLs for other users, revealing ACLs not owned by the attacker. Impact is...
CVE-2013-6398
CVE-2013-6398 affects Apache CloudStack virtual routers prior to 4.2.1. After a restart, firewall rules’ source restrictions were not preserved, allowing a remote attacker to bypass restrictions and access network resources. Public sources in connected documents (NVD entry and security advisories...
CVE-2014-7807
Apache CloudStack versions 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allow unauthenticated LDAP binds when LDAP is configured: a login request without a password results in an unauthenticated bind. Remediation per the docs is to upgrade to 4.4.2 (or 4.3.2 in testing) or...