
Web Services Denial of Service Vulnerability




Severity Level: IMPORTANT
Issue Date: 2014-02-24
Last Updated: 2014-03-11
Affected Products: HP Helion Eucalyptus 2.0 to HP Helion Eucalyptus 3.4.1
CVE Number: CVE-2013-4768




A security issue has been identified in the way HP Helion Eucalyptus Java-based components handle network connections to web services APIs. All versions of HP Helion Eucalyptus starting from 2.0 are affected. An update is now available in 3.4.2 that resolves this issue. We advise immediately updating all affected HP Helion Eucalyptus installations.


A flaw was identified in the network connection cleanup code that allows remote, unauthenticated attackers to carry out Denial of Service attacks against HP Helion Eucalyptus web services APIs. All Java-based components are affected, including Cloud Controller (CLC), Walrus, Storage Controller (SC), and VMware Broker (VB).


Restricting network access to HP Helion Eucalyptus web services APIs to trusted clients only (if possible) can help prevent intentional DoS attacks. Please refer to the Administration Guide for HP Helion Eucalyptus open ports and connectivity rules.


HP Helion Eucalyptus 3.4.2 resolves this issue.

Please see for instructions on downloading and upgrading to the latest HP Helion Eucalyptus software.

Contact and help

Contact the HP Helion Eucalyptus security team at