CVE-2013-6398

Sažetak

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

Reference

http://secunia.com/advisories/55960
http://secunia.com/advisories/60284
http://support.citrix.com/article/CTX140989
http://www.securityfocus.com/bid/69432
http://www.securitytracker.com/id/1030762
https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual
https://issues.apache.org/jira/browse/CLOUDSTACK-5263

CVSS

Base:	2.8
Impact:	2.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:M/C:P/I:N/A:N

Zadnje važnije ažuriranje

04-09-2014 - 05:25

Objavljeno

15-01-2014 - 16:08