What is CVE-2012-5616?

CVE-2012-5616 is a vulnerability in Apache Cloudstack, classified under CWE-255. Published 2013-01-22.

Is CVE-2012-5616 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Cloudstack

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the cr…

EPSS: 0.001 (27.9th percentile) — read the EPSS interpretation.

Affected products

Apache Cloudstack — versions 4.0.0
Citrix Cloudplatform
N/a — versions n/a

Weakness classification (CWE)

CWE-255

Public proof-of-concept exploits

ManuelBravoR/NVD-CVE-Scanner-TelegramNotifier

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
89146 (x_refsource_OSVDB, vdb-entry)
20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability (mailing-list, x_refsource_FULLDISC)
89147 (x_refsource_OSVDB, vdb-entry)
57225 (vdb-entry, x_refsource_BID)
[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability (mailing-list, x_refsource_MLIST)
51821 (x_refsource_SECUNIA, third-party-advisory)
57259 (vdb-entry, x_refsource_BID)
89070 (x_refsource_OSVDB, vdb-entry)
51366 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2012-5616?: CVE-2012-5616 is a vulnerability in Apache Cloudstack, classified under CWE-255. Published 2013-01-22.
Is CVE-2012-5616 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.