Remote Authentication Bypass in Apache CloudStack and Citrix CloudPlatform
CVE-2013-2756

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack; Cloudplatform
Vendor: CVE Published:; 23 May 2014

Summary

An exploit exists in Apache CloudStack versions 4.0.0 and 4.0.1, as well as Citrix CloudPlatform 3.0.x prior to 3.0.6, allowing remote attackers to bypass console proxy authentication. This vulnerability arises from weaknesses in the product's authentication mechanisms, enabling unauthorized access through knowledge of the source code. Users and administrators should apply the latest patches to secure their environments and prevent potential exploits.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/83781

vdb-entryx_refsource_XF

http://support.citrix.com/article/CTX135815

x_refsource_CONFIRM

http://mail-archives.apache.org/mod_mbox/cloudstack-dev/2...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
Apr 3, 2013