Vulnerability in Apache Cloudstack
CVE-2013-6398
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.
EPSS: 0.010 (77.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Cloudstack — versions 2.0, 2.0.1, 2.1.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 60284 (x_refsource_SECUNIA, third-party-advisory)
- 55960 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 69432 (vdb-entry, x_refsource_BID)
- 1030762 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM)