Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9593

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-9593
Last Modified 16 Jan 2015 01:34:29
Published 15 Jan 2015 10:59:23
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9593

Summary

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

Vulnerable Systems

Application

  • Apache Cloudstack 4.3.1

  • Apache Cloudstack 4.4.0

  • Apache Cloudstack 4.4.1


References

CONFIRM - https://issues.apache.org/jira/browse/CLOUDSTACK-7952

SECUNIA - 62216

CONFIRM - http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release

CONFIRM - http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html


Last Updated: 27 May 2016 11:07:34