NVD

Id
44375  
Name
CVE-2012-2654  
Description
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-06-21  
Modified Date
2012-08-24  
Seq
2012-2654  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
222574 44375 CVE-2012-2654 USN-1466-1  View
222575 44375 CVE-2012-2654 nova-security-group-sec-bypass(76110)  View
222576 44375 CVE-2012-2654 https://bugs.launchpad.net/nova/+bug/985184  View
222577 44375 CVE-2012-2654 https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978  View
222578 44375 CVE-2012-2654 https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654  View
222579 44375 CVE-2012-2654 [openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)  View
222580 44375 CVE-2012-2654 https://review.openstack.org/#/c/8239/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27141 JVNDB-2012-002848 OpenStack の EC2 および OS API におけるアクセス制限を回避される脆弱性 OpenStack の EC2 および OS API は、セキュリティグループが作成されていて、ネットワークプロトコルのエントリが小文字で記述されていない場合、プロトコルを適切にチェックしないため、アクセス制限を回避される脆弱性が存在します。 CVE-2012-2654 55892 CVE-2012-2654 44375 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002848.html 2012-06-21 2012-06-26 View