CVE-2013-6398

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

CVSS v2.0 2.8 LOW

2.8^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:M/C:P/I:N/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/55960	Vendor Advisory
http://secunia.com/advisories/60284
http://support.citrix.com/article/CTX140989
http://www.securityfocus.com/bid/69432
http://www.securitytracker.com/id/1030762
https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual	Vendor Advisory
https://issues.apache.org/jira/browse/CLOUDSTACK-5263
http://secunia.com/advisories/55960	Vendor Advisory
http://secunia.com/advisories/60284
http://support.citrix.com/article/CTX140989
http://www.securityfocus.com/bid/69432
http://www.securitytracker.com/id/1030762
https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual	Vendor Advisory
https://issues.apache.org/jira/browse/CLOUDSTACK-5263

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:cloudstack::::::::
	cpe:2.3:a:apache:cloudstack:2.0:-:community:::::*
	cpe:2.3:a:apache:cloudstack:2.0.1:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.0:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.1:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.2:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.3:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.4:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.5:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.6:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.7:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.8:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.9:::::::*
	cpe:2.3:a:apache:cloudstack:2.1.10:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.0:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.1:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.2:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.3:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.5:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.6:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.7:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.8:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.9:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.11:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.12:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.13:::::::*
	cpe:2.3:a:apache:cloudstack:2.2.14:::::::*
	cpe:2.3:a:apache:cloudstack:3.0.0:::::::*
	cpe:2.3:a:apache:cloudstack:3.0.1:::::::*
	cpe:2.3:a:apache:cloudstack:3.0.2:::::::*
	cpe:2.3:a:apache:cloudstack:4.0.0:incubating::::::
	cpe:2.3:a:apache:cloudstack:4.0.1:::::::*
	cpe:2.3:a:apache:cloudstack:4.0.2:::::::*
	cpe:2.3:a:apache:cloudstack:4.1.0:::::::*
	cpe:2.3:a:apache:cloudstack:4.1.1:::::::*

History

21 Nov 2024, 01:59

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/55960 - Vendor Advisory~~	() http://secunia.com/advisories/55960 - Vendor Advisory
References	~~() http://secunia.com/advisories/60284 -~~	() http://secunia.com/advisories/60284 -
References	~~() http://support.citrix.com/article/CTX140989 -~~	() http://support.citrix.com/article/CTX140989 -
References	~~() http://www.securityfocus.com/bid/69432 -~~	() http://www.securityfocus.com/bid/69432 -
References	~~() http://www.securitytracker.com/id/1030762 -~~	() http://www.securitytracker.com/id/1030762 -
References	~~() https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual - Vendor Advisory~~	() https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual - Vendor Advisory
References	~~() https://issues.apache.org/jira/browse/CLOUDSTACK-5263 -~~	() https://issues.apache.org/jira/browse/CLOUDSTACK-5263 -

Information

Published : 2014-01-15 16:08

Updated : 2024-11-21 01:59

NVD link : CVE-2013-6398

Mitre link : CVE-2013-6398

CVE.ORG link : CVE-2013-6398

JSON object : View

Products Affected

apache

cloudstack

CWE

CWE-264

Permissions, Privileges, and Access Controls

2.8 /10