Showing 1 - 1 of 1

CVE-2012-5616

Status Candidate

Overview

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Related Files

Apache CloudStack 4.0.0-incubating Information Disclosure: Posted Jan 12, 2013; Authored by Ahmad Emneina; The CloudStack security team was notified of a information disclosure vulnerability that exists in Apache CloudStack-4.0.0-incubating. With this vulnerability, when a user calls the createSSHKeyPair API command to create an SSH key pair to be used when authenticating to a user VM, the freshly generated SSH private key is rendered in a log file at INFO level on the CloudStack "master" server as well as being returned to the caller.; tags | advisory, info disclosure; advisories | CVE-2012-5616; SHA-256 | 7e5072bee6a90d8b464801d5889631f4bf7ef3c7f7dd527b84682cb89915ef5d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2012-5616

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems