CVE-2012-5616

Severity

15%

Complexity

27%

Confidentiality

48%

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

CVSS 2.0 Base Score 1.5. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N).

Overview

First reported 12 years ago

2013-01-22 23:55:00

Last updated 11 years ago

2013-04-02 03:21:00

Affected Software

Apache Software Foundation CloudStack 4.0.0-incubating

4.0.0

References

[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability

89070

89146

89147

20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability

51366

51821

51827

http://support.citrix.com/article/CTX136163

Vendor Advisory

57225

57259

1027978

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.