CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-2654

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/46808
http://secunia.com/advisories/49439
http://www.ubuntu.com/usn/USN-1466-1
https://bugs.launchpad.net/nova/+bug/985184
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
https://lists.launchpad.net/openstack/msg12883.html
https://review.openstack.org/#/c/8239/
http://secunia.com/advisories/46808
http://secunia.com/advisories/49439
http://www.ubuntu.com/usn/USN-1466-1
https://bugs.launchpad.net/nova/+bug/985184
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
https://lists.launchpad.net/openstack/msg12883.html
https://review.openstack.org/#/c/8239/

Products affected by CVE-2012-2654

Openstack » Compute » Version: 2012.2

cpe:2.3:a:openstack:compute:2012.2
Openstack » Diablo » Version: 2011.3

cpe:2.3:a:openstack:diablo:2011.3
Openstack » Essex » Version: 2012.1

cpe:2.3:a:openstack:essex:2012.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2654

Products

Pricing

Contact Us