CVE-2012-4066

Eucalyptus < 3.2.0 - Authentication Bypass

Title source: rule

Description

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.

References (1)

[Vendor Advisory] http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08

Scores

EPSS 0.0020

EPSS Percentile 41.4%

Classification

CWE

CWE-287

Status draft

Affected Products (18)

eucalyptus/eucalyptus < 3.2.0

eucalyptus/eucalyptus

... and 3 more

Timeline

Published Mar 08, 2013

Tracked Since Feb 18, 2026