QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2654

Published: Jun 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

https://review.openstack.org/#/c/8239/

x_refsource_CONFIRM

https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978

x_refsource_CONFIRM

https://bugs.launchpad.net/nova/+bug/985184

x_refsource_CONFIRM

https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)

mailing-list

x_refsource_MLIST

nova-security-group-sec-bypass(76110)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.