CVE-2012-5616

NONECVSS 0.0

0.0

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

🔗 References (24)

secalert@redhathttp://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E
secalert@redhathttp://osvdb.org/89070
secalert@redhathttp://osvdb.org/89146
secalert@redhathttp://osvdb.org/89147
secalert@redhathttp://seclists.org/fulldisclosure/2013/Jan/65
secalert@redhathttp://secunia.com/advisories/51366
secalert@redhathttp://secunia.com/advisories/51821
secalert@redhathttp://secunia.com/advisories/51827
secalert@redhathttp://support.citrix.com/article/CTX136163
secalert@redhathttp://www.securityfocus.com/bid/57225
secalert@redhathttp://www.securityfocus.com/bid/57259
secalert@redhathttp://www.securitytracker.com/id?1027978
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/89070
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/89146

Is Your Infrastructure Affected by CVE-2012-5616?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-5616

📅 Published

🔄 Last Modified

🔗 References (24)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-5616?