PT-2014-2866 · Vmware+1 · Vmware+1

Publicado

2014-04-15

Atualizado

2014-04-16

CVE-2013-4768

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Eucalyptus versions 2.0 through 3.4.1

Description The issue affects the web services APIs, allowing remote attackers to cause a denial of service. This is related to vectors in the "network connection clean up code" and involves components such as Cloud Controller (CLC), Walrus, Storage Controller (SC), and VMware Broker (VB).

Recommendations For Eucalyptus versions 2.0 through 3.4.1, consider restricting access to the web services APIs as a temporary workaround until a patch is available. Additionally, review the network connection clean up code to identify potential issues that could lead to a denial of service.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2013-4768

Produtos afetados

Eucalyptus

Vmware

PT-2014-2866 · Vmware+1 · Vmware+1

CVE-2013-4768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2