5

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCloudstack Version4.0.0 Updateincubating
ApacheCloudstack Version4.0.1
ApacheCloudstack Version4.0.2
CitrixCloudplatform Version3.0
CitrixCloudplatform Version3.0.3
CitrixCloudplatform Version3.0.4
CitrixCloudplatform Version3.0.5
CitrixCloudplatform Version3.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.47% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E
http://secunia.com/advisories/53175
http://secunia.com/advisories/53204
http://support.citrix.com/article/CTX135815
Patch
Vendor Advisory
http://www.securitytracker.com/id/1028473
http://osvdb.org/92749
http://www.securityfocus.com/bid/59464
https://exchange.xforce.ibmcloud.com/vulnerabilities/83782