CVE-2013-2758
Apache CloudStack 4.0.0-4.0.2 and Citrix CloudPlatform 3.0.x-3.0.6 - Predictable Console Access URL
Title source: llmDescription
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59464
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92749
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53204
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53175
Patch, Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX135815
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028473
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83782
Scores
EPSS
0.0280
EPSS Percentile
86.3%
Details
CWE
CWE-310
Status
published
Products (8)
apache/cloudstack
4.0.0 incubating
apache/cloudstack
4.0.1
apache/cloudstack
4.0.2
citrix/cloudplatform
3.0
citrix/cloudplatform
3.0.3
citrix/cloudplatform
3.0.4
citrix/cloudplatform
3.0.5
citrix/cloudplatform
3.0.6
Published
May 23, 2014
Tracked Since
Feb 18, 2026