CVE-2013-6398 Information

Description

The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted which allows remote attackers to bypass intended restrictions via a request.

Reference

http://secunia.com/advisories/55960 http://secunia.com/advisories/60284 http://support.citrix.com/article/CTX140989 http://www.securityfocus.com/bid/69432 http://www.securitytracker.com/id/1030762 https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual https://issues.apache.org/jira/browse/CLOUDSTACK-5263