Lucene search

[email protected]NVD:CVE-2014-9593

HistoryJan 15, 2015 - 3:59 p.m.

CVE-2014-9593

2015-01-1515:59:23

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

68.0%

JSON

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

Affected configurations

Nvd

Node

apachecloudstackRange≤4.3.1

apachecloudstackMatch4.4.0

apachecloudstackMatch4.4.1

VendorProductVersionCPE
apachecloudstack*cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
apachecloudstack4.4.0cpe:2.3:a:apache:cloudstack:4.4.0:*:*:*:*:*:*:*
apachecloudstack4.4.1cpe:2.3:a:apache:cloudstack:4.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	cloudstack	*	cpe:2.3:a:apache:cloudstack::::::::
apache	cloudstack	4.4.0	cpe:2.3:a:apache:cloudstack:4.4.0:::::::*
apache	cloudstack	4.4.1	cpe:2.3:a:apache:cloudstack:4.4.1:::::::*

References

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release

secunia.com/advisories/62216

issues.apache.org/jira/browse/CLOUDSTACK-7952

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

68.0%

JSON

Related for NVD:CVE-2014-9593

cve1 prion1 cvelist1