CVE-2013-2756
Apache CloudStack <4.0.2 & Citrix CloudPlatform <3.0.6 - Auth Bypass
Title source: llmDescription
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59463
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92748
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028473
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53204
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53175
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83781
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX135815
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E
Scores
EPSS
0.0305
EPSS Percentile
86.9%
Details
CWE
CWE-287
Status
published
Products (8)
apache/cloudstack
4.0.0 incubating
apache/cloudstack
4.0.1
apache/cloudstack
4.0.2
citrix/cloudplatform
3.0
citrix/cloudplatform
3.0.3
citrix/cloudplatform
3.0.4
citrix/cloudplatform
3.0.5
citrix/cloudplatform
3.0.6
Published
May 23, 2014
Tracked Since
Feb 18, 2026