Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 1.5
CVE Id CVE-2012-5616
Last Modified 01 Apr 2013 11:21:24
Published 22 Jan 2013 06:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-5616

Summary

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 store sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Vulnerable Systems

Application

  • Apache CloudStack 4.0.0

  • Citrix CloudPlatform 3.0.5


References

XF - callofduty-ssl-spoofing(81116)

SECTRACK - 1027978

BID - 57259

BID - 57225

CONFIRM - http://support.citrix.com/article/CTX136163

SECUNIA - 51827

SECUNIA - 51821

SECUNIA - 51366

FULLDISC - 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability

OSVDB - 89147

OSVDB - 89146

OSVDB - 89070

MLIST - [incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability


Last Updated: 27 May 2016 10:55:06