Lucene search

[email protected]NVD:CVE-2013-6398

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-6398

2014-01-1516:08:03

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

2.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.3%

JSON

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

Affected configurations

Nvd

Node

apachecloudstackRange≤4.2.0

apachecloudstackMatch2.0-community

apachecloudstackMatch2.0.1

apachecloudstackMatch2.1.0

apachecloudstackMatch2.1.1

apachecloudstackMatch2.1.2

apachecloudstackMatch2.1.3

apachecloudstackMatch2.1.4

apachecloudstackMatch2.1.5

apachecloudstackMatch2.1.6

apachecloudstackMatch2.1.7

apachecloudstackMatch2.1.8

apachecloudstackMatch2.1.9

apachecloudstackMatch2.1.10

apachecloudstackMatch2.2.0

apachecloudstackMatch2.2.1

apachecloudstackMatch2.2.2

apachecloudstackMatch2.2.3

apachecloudstackMatch2.2.5

apachecloudstackMatch2.2.6

apachecloudstackMatch2.2.7

apachecloudstackMatch2.2.8

apachecloudstackMatch2.2.9

apachecloudstackMatch2.2.11

apachecloudstackMatch2.2.12

apachecloudstackMatch2.2.13

apachecloudstackMatch2.2.14

apachecloudstackMatch3.0.0

apachecloudstackMatch3.0.1

apachecloudstackMatch3.0.2

apachecloudstackMatch4.0.0incubating

apachecloudstackMatch4.0.1

apachecloudstackMatch4.0.2

apachecloudstackMatch4.1.0

apachecloudstackMatch4.1.1

VendorProductVersionCPE
apachecloudstack*cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
apachecloudstack2.0cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*
apachecloudstack2.0.1cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*
apachecloudstack2.1.0cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*
apachecloudstack2.1.1cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*
apachecloudstack2.1.2cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*
apachecloudstack2.1.3cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*
apachecloudstack2.1.4cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*
apachecloudstack2.1.5cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*
apachecloudstack2.1.6cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	cloudstack	*	cpe:2.3:a:apache:cloudstack::::::::
apache	cloudstack	2.0	cpe:2.3:a:apache:cloudstack:2.0:-:community:::::*
apache	cloudstack	2.0.1	cpe:2.3:a:apache:cloudstack:2.0.1:::::::*
apache	cloudstack	2.1.0	cpe:2.3:a:apache:cloudstack:2.1.0:::::::*
apache	cloudstack	2.1.1	cpe:2.3:a:apache:cloudstack:2.1.1:::::::*
apache	cloudstack	2.1.2	cpe:2.3:a:apache:cloudstack:2.1.2:::::::*
apache	cloudstack	2.1.3	cpe:2.3:a:apache:cloudstack:2.1.3:::::::*
apache	cloudstack	2.1.4	cpe:2.3:a:apache:cloudstack:2.1.4:::::::*
apache	cloudstack	2.1.5	cpe:2.3:a:apache:cloudstack:2.1.5:::::::*
apache	cloudstack	2.1.6	cpe:2.3:a:apache:cloudstack:2.1.6:::::::*

Rows per page:

1-10 of 351

References

secunia.com/advisories/55960

secunia.com/advisories/60284

support.citrix.com/article/CTX140989

www.securityfocus.com/bid/69432

www.securitytracker.com/id/1030762

blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual

issues.apache.org/jira/browse/CLOUDSTACK-5263

CVSS2

2.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.3%

JSON

Related for NVD:CVE-2013-6398

cvelist1 nessus1 prion1 cve1 securityvulns2