Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2012-2654

Date: June 21, 2012

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Language: Python

Severity Score

Related Resources (14)

https://review.openstack.org/#/c/8239/
http://secunia.com/advisories/46808
https://nvd.nist.gov/vuln/detail/CVE-2012-2654
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654
http://www.ubuntu.com/usn/USN-1466-1
https://review.openstack.org/#/c/8239
http://secunia.com/advisories/49439
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
https://github.com/openstack/nova
https://lists.launchpad.net/openstack/msg12883.html
https://bugs.launchpad.net/nova/+bug/985184
https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978
https://www.mend.io/vulnerability-database/CVE-2012-2654

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us