PT-2014-2866 · Vmware+1 · Vmware+1

Published

2014-04-15

Updated

2014-04-16

CVE-2013-4768

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Eucalyptus versions 2.0 through 3.4.1

Description The issue affects the web services APIs, allowing remote attackers to cause a denial of service. This is related to vectors in the "network connection clean up code" and involves components such as Cloud Controller (CLC), Walrus, Storage Controller (SC), and VMware Broker (VB).

Recommendations For Eucalyptus versions 2.0 through 3.4.1, consider restricting access to the web services APIs as a temporary workaround until a patch is available. Additionally, review the network connection clean up code to identify potential issues that could lead to a denial of service.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-4768

Affected Products

Eucalyptus

Vmware

PT-2014-2866 · Vmware+1 · Vmware+1

CVE-2013-4768

Weakness Enumeration

Related Identifiers

Affected Products

References · 2