PT-2013-1611 · Eucalyptus · Eucalyptus

Published

2013-03-08

Updated

2013-03-18

CVE-2012-4066

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Eucalyptus versions 3.2.0 and earlier

Description The internal message protocol for Walrus in Eucalyptus does not require signatures for unspecified request headers, allowing attackers to delete or upload snapshots.

Recommendations For versions 3.2.0 and earlier, consider restricting access to the Walrus internal message protocol until a fix is available. As a temporary workaround, review and monitor all snapshot uploads and deletions to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2012-4066

Affected Products

Eucalyptus

PT-2013-1611 · Eucalyptus · Eucalyptus

CVE-2012-4066

Weakness Enumeration

Related Identifiers

Affected Products

References · 2