Unrated severityNVD Advisory· Published Jan 15, 2014· Updated Apr 29, 2026
CVE-2013-6398
CVE-2013-6398
Description
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.
Affected products
35cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*range: <=4.2.0
- cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cloudstack:4.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/55960nvdVendor Advisory
- blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtualnvdVendor Advisory
- secunia.com/advisories/60284nvd
- support.citrix.com/article/CTX140989nvd
- www.securityfocus.com/bid/69432nvd
- www.securitytracker.com/id/1030762nvd
- issues.apache.org/jira/browse/CLOUDSTACK-5263nvd
News mentions
0No linked articles in our index yet.