CVE-2013-2756

Apache CloudStack <4.0.2 & Citrix CloudPlatform <3.0.6 - Auth Bypass

Title source: llm

Description

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.

References (8)

[Various Sources] http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E

[Patch, Vendor Advisory] http://support.citrix.com/article/CTX135815

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/83781

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/59463

[Third Party Advisory, VDB Entry] http://osvdb.org/92748

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1028473

[Third Party Advisory] http://secunia.com/advisories/53175

[Third Party Advisory] http://secunia.com/advisories/53204

Scores

EPSS 0.0305

EPSS Percentile 86.5%

Classification

CWE

CWE-287

Status draft

Affected Products (8)

apache/cloudstack

citrix/cloudplatform

Timeline

Published May 23, 2014

Tracked Since Feb 18, 2026