CVE-2013-2757
https://notcve.org/view.php?id=CVE-2013-2757
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C no restringe debidamente acceso a puertos VNC en la red de gestión, lo que permite a atacantes remotos tener impacto no especificado a través de vectores desconocidos. • http://osvdb.org/92746 http://secunia.com/advisories/53204 http://support.citrix.com/article/CTX135815 http://www.securityfocus.com/bid/59467 http://www.securitytracker.com/id/1028473 https://exchange.xforce.ibmcloud.com/vulnerabilities/83783 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-2758
https://notcve.org/view.php?id=CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. Apache CloudStack 4.0.0 anterior a 4.0.2 y Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C utiliza un hash de una secuencia previsible, lo que facilita a atacantes remotos adivinar la URL de acceso de consola a través de un ataque de fuerza bruta. • http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E http://osvdb.org/92749 http://secunia.com/advisories/53175 http://secunia.com/advisories/53204 http://support.citrix.com/article/CTX135815 http://www.securityfocus.com/bid/59464 http://www.securitytracker.com/id/1028473 https://exchange.xforce.ibmcloud.com/vulnerabilities/83782 • CWE-310: Cryptographic Issues •
CVE-2013-2756
https://notcve.org/view.php?id=CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. Apache CloudStack 4.0.0 anterior a 4.0.2 y Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C permite a atacantes remotos evadir la autenticación de proxy de consola mediante el conocimiento del código fuente. • http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E http://osvdb.org/92748 http://secunia.com/advisories/53175 http://secunia.com/advisories/53204 http://support.citrix.com/article/CTX135815 http://www.securityfocus.com/bid/59463 http://www.securitytracker.com/id/1028473 https://exchange.xforce.ibmcloud.com/vulnerabilities/83781 • CWE-287: Improper Authentication •