Showing 1 - 1 of 1

CVE-2012-5616

Status Candidate

Overview

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Related Files

Apache CloudStack 4.0.0-incubating Information Disclosure: Posted Jan 12, 2013; Authored by Ahmad Emneina; The CloudStack security team was notified of a information disclosure vulnerability that exists in Apache CloudStack-4.0.0-incubating. With this vulnerability, when a user calls the createSSHKeyPair API command to create an SSH key pair to be used when authenticating to a user VM, the freshly generated SSH private key is rendered in a log file at INFO level on the CloudStack "master" server as well as being returned to the caller.; tags | advisory, info disclosure; advisories | CVE-2012-5616; SHA-256 | 7e5072bee6a90d8b464801d5889631f4bf7ef3c7f7dd527b84682cb89915ef5d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2012-5616

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems