Vulnerability in Apache Cloudstack

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a b…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.028 (86.4th percentile) — read the EPSS interpretation.

Affected products

Apache Cloudstack — versions 4.0.0, 4.0.1, 4.0.2
Citrix Cloudplatform — versions 3.0, 3.0.3, 3.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

92749 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack (mailing-list, x_refsource_MLIST)
1028473 (vdb-entry, x_refsource_SECTRACK)
cloudstack-cve20132758-info-disc(83782) (vdb-entry, x_refsource_XF)
53204 (x_refsource_SECUNIA, third-party-advisory)
59464 (vdb-entry, x_refsource_BID)
53175 (x_refsource_SECUNIA, third-party-advisory)