CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2013-2756
CVE-2013-2756 affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) prior to Patch C for the respective lines. It allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2012-5616
CVE-2012-5616 affects Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform prior to 3.0.6, where the logging configured in log4j.conf records sensitive data. This enables local users to obtain (1) SSH private keys from createSSHKeyPair, (2) host passwords from AddHost, and (3)/(4) VM passwords from DeployVM or...
CVE-2013-2757
CVE-2013-2757 concerns Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x prior to 3.0.6 Patch C. The issue is that access to VNC ports on the management network is not properly restricted, allowing remote attackers to impact the system via unknown vectors. The entry documents the affected p...