CVE-2013-2758

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack; Cloudplatform
Vendor: CVE Published:; 23 May 2014

Summary

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.

References

http://osvdb.org/92749

vdb-entryx_refsource_OSVDB

http://support.citrix.com/article/CTX135815

x_refsource_CONFIRM

http://mail-archives.apache.org/mod_mbox/cloudstack-dev/2...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
Apr 3, 2013