Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4066

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4066
Last Modified 18 Mar 2013 12:00:00
Published 08 Mar 2013 01:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4066

Summary

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.

Vulnerable Systems

Application

  • Eucalyptus 1.0

  • Eucalyptus 1.1

  • Eucalyptus 1.2

  • Eucalyptus 1.3

  • Eucalyptus 1.4

  • Eucalyptus 1.5.1

  • Eucalyptus 1.5.2

  • Eucalyptus 1.6

  • Eucalyptus 1.6.2

  • Eucalyptus 2.0

  • Eucalyptus 2.0.0

  • Eucalyptus 2.0.1

  • Eucalyptus 2.0.2

  • Eucalyptus 2.0.3

  • Eucalyptus 3.0

  • Eucalyptus 3.0.1

  • Eucalyptus 3.1.0

  • Eucalyptus 3.2.0


References

CONFIRM - http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08


Last Updated: 27 May 2016 11:02:02