The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
References
Link | Resource |
---|---|
http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08 | Vendor Advisory |
http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08 - Vendor Advisory |
Information
Published : 2013-03-08 18:55
Updated : 2024-11-21 01:42
NVD link : CVE-2012-4066
Mitre link : CVE-2012-4066
CVE.ORG link : CVE-2012-4066
JSON object : View
Products Affected
eucalyptus
- eucalyptus
CWE
CWE-287
Improper Authentication