Computer Security
[EN] no-pyccku

Apache CloudStack security vulnerabilities
SecurityVulns ID:13523
Threat Level:
Description:Protection bypass, information leakage.
Affected:APACHE : CloudStack 4.2
CVE:CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.)
 CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.)
Original documentdocumentAPACHE, Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users (14.01.2014)
 documentAPACHE, Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access (14.01.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod