Lucene search

RedhatCVE-2014-0031

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-0031

2014-01-1516:08:04

CWE-264

redhat

web.nvd.nist.gov

cve-2014-0031

apache cloudstack

api

remote access

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

Affected configurations

Nvd

Node

apachecloudstackRange≤4.2.0

apachecloudstackMatch2.0-community

apachecloudstackMatch2.0.1

apachecloudstackMatch2.1.0

apachecloudstackMatch2.1.1

apachecloudstackMatch2.1.2

apachecloudstackMatch2.1.3

apachecloudstackMatch2.1.4

apachecloudstackMatch2.1.5

apachecloudstackMatch2.1.6

apachecloudstackMatch2.1.7

apachecloudstackMatch2.1.8

apachecloudstackMatch2.1.9

apachecloudstackMatch2.1.10

apachecloudstackMatch2.2.0

apachecloudstackMatch2.2.1

apachecloudstackMatch2.2.2

apachecloudstackMatch2.2.3

apachecloudstackMatch2.2.5

apachecloudstackMatch2.2.6

apachecloudstackMatch2.2.7

apachecloudstackMatch2.2.8

apachecloudstackMatch2.2.9

apachecloudstackMatch2.2.11

apachecloudstackMatch2.2.12

apachecloudstackMatch2.2.13

apachecloudstackMatch2.2.14

apachecloudstackMatch3.0.0

apachecloudstackMatch3.0.1

apachecloudstackMatch3.0.2

apachecloudstackMatch4.0.0incubating

apachecloudstackMatch4.0.1

apachecloudstackMatch4.0.2

apachecloudstackMatch4.1.0

apachecloudstackMatch4.1.1

VendorProductVersionCPE
apachecloudstack*cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
apachecloudstack2.0cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*
apachecloudstack2.0.1cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*
apachecloudstack2.1.0cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*
apachecloudstack2.1.1cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*
apachecloudstack2.1.2cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*
apachecloudstack2.1.3cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*
apachecloudstack2.1.4cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*
apachecloudstack2.1.5cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*
apachecloudstack2.1.6cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	cloudstack	*	cpe:2.3:a:apache:cloudstack::::::::
apache	cloudstack	2.0	cpe:2.3:a:apache:cloudstack:2.0:-:community:::::*
apache	cloudstack	2.0.1	cpe:2.3:a:apache:cloudstack:2.0.1:::::::*
apache	cloudstack	2.1.0	cpe:2.3:a:apache:cloudstack:2.1.0:::::::*
apache	cloudstack	2.1.1	cpe:2.3:a:apache:cloudstack:2.1.1:::::::*
apache	cloudstack	2.1.2	cpe:2.3:a:apache:cloudstack:2.1.2:::::::*
apache	cloudstack	2.1.3	cpe:2.3:a:apache:cloudstack:2.1.3:::::::*
apache	cloudstack	2.1.4	cpe:2.3:a:apache:cloudstack:2.1.4:::::::*
apache	cloudstack	2.1.5	cpe:2.3:a:apache:cloudstack:2.1.5:::::::*
apache	cloudstack	2.1.6	cpe:2.3:a:apache:cloudstack:2.1.6:::::::*

Rows per page:

1-10 of 351

References

secunia.com/advisories/55960

blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl

issues.apache.org/jira/browse/CLOUDSTACK-5145

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2014-0031