Unauthorized Access to Network ACLs in Apache CloudStack

Unauthorized Access to Network ACLs in Apache CloudStack

CVE-2014-0031 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

Learn more about our Cis Benchmark Audit For Apache Http Server.