CVE-2013-6398

high

Description

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

References

https://issues.apache.org/jira/browse/CLOUDSTACK-5263

https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual

http://www.securitytracker.com/id/1030762

http://www.securityfocus.com/bid/69432

http://support.citrix.com/article/CTX140989

http://secunia.com/advisories/60284

http://secunia.com/advisories/55960

Details

Source: Mitre, NVD

Published: 2014-01-15

Updated: 2014-09-04

Risk Information

CVSS v2

Base Score: 2.8

Vector: CVSS2#AV:N/AC:M/Au:M/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics