Firewall Rule Bypass Vulnerability in Apache CloudStack
CVE-2013-6398

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 15 January 2014

Summary

The virtual router in older versions of Apache CloudStack fails to maintain the integrity of source restrictions in firewall rules after a restart. This design flaw allows remote attackers to exploit the vulnerability, enabling them to circumvent intended firewall rules, potentially leading to unauthorized access to systems and networks. It is essential for users to upgrade to version 4.2.1 or later to mitigate this risk effectively.

References

http://secunia.com/advisories/60284

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/55960

third-party-advisoryx_refsource_SECUNIA

https://issues.apache.org/jira/browse/CLOUDSTACK-5263

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Nov 4, 2013