5

CVE-2013-2756

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCloudstack Version4.0.0 Updateincubating
ApacheCloudstack Version4.0.1
ApacheCloudstack Version4.0.2
CitrixCloudplatform Version3.0
CitrixCloudplatform Version3.0.3
CitrixCloudplatform Version3.0.4
CitrixCloudplatform Version3.0.5
CitrixCloudplatform Version3.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.82% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E
http://osvdb.org/92748
http://secunia.com/advisories/53175
http://secunia.com/advisories/53204
http://support.citrix.com/article/CTX135815
Patch
Vendor Advisory
http://www.securityfocus.com/bid/59463
http://www.securitytracker.com/id/1028473
https://exchange.xforce.ibmcloud.com/vulnerabilities/83781