CVE Vulnerabilities

CVE-2013-6398

Published: Jan 15, 2014 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.8 LOW
AV:N/AC:M/Au:M/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.

Affected Software

Name Vendor Start Version End Version
Cloudstack Apache * 4.2.0 (including)
Cloudstack Apache 2.0 (including) 2.0 (including)
Cloudstack Apache 2.0.1 (including) 2.0.1 (including)
Cloudstack Apache 2.1.0 (including) 2.1.0 (including)
Cloudstack Apache 2.1.1 (including) 2.1.1 (including)
Cloudstack Apache 2.1.2 (including) 2.1.2 (including)
Cloudstack Apache 2.1.3 (including) 2.1.3 (including)
Cloudstack Apache 2.1.4 (including) 2.1.4 (including)
Cloudstack Apache 2.1.5 (including) 2.1.5 (including)
Cloudstack Apache 2.1.6 (including) 2.1.6 (including)
Cloudstack Apache 2.1.7 (including) 2.1.7 (including)
Cloudstack Apache 2.1.8 (including) 2.1.8 (including)
Cloudstack Apache 2.1.9 (including) 2.1.9 (including)
Cloudstack Apache 2.1.10 (including) 2.1.10 (including)
Cloudstack Apache 2.2.0 (including) 2.2.0 (including)
Cloudstack Apache 2.2.1 (including) 2.2.1 (including)
Cloudstack Apache 2.2.2 (including) 2.2.2 (including)
Cloudstack Apache 2.2.3 (including) 2.2.3 (including)
Cloudstack Apache 2.2.5 (including) 2.2.5 (including)
Cloudstack Apache 2.2.6 (including) 2.2.6 (including)
Cloudstack Apache 2.2.7 (including) 2.2.7 (including)
Cloudstack Apache 2.2.8 (including) 2.2.8 (including)
Cloudstack Apache 2.2.9 (including) 2.2.9 (including)
Cloudstack Apache 2.2.11 (including) 2.2.11 (including)
Cloudstack Apache 2.2.12 (including) 2.2.12 (including)
Cloudstack Apache 2.2.13 (including) 2.2.13 (including)
Cloudstack Apache 2.2.14 (including) 2.2.14 (including)
Cloudstack Apache 3.0.0 (including) 3.0.0 (including)
Cloudstack Apache 3.0.1 (including) 3.0.1 (including)
Cloudstack Apache 3.0.2 (including) 3.0.2 (including)
Cloudstack Apache 4.0.0-incubating (including) 4.0.0-incubating (including)
Cloudstack Apache 4.0.1 (including) 4.0.1 (including)
Cloudstack Apache 4.0.2 (including) 4.0.2 (including)
Cloudstack Apache 4.1.0 (including) 4.1.0 (including)
Cloudstack Apache 4.1.1 (including) 4.1.1 (including)

References