CVE-2011-0730

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
eucalyptuseucalyptus
𝑥
< 2.0.2
eucalyptuseucalyptus
𝑥
< 2.0.3
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eucalyptus
natty
Fixed 2.0.1+bzr1256-0ubuntu4.1
released
maverick
Fixed 2.0+bzr1241-0ubuntu4.2
released
lucid
Fixed 1.6.2-0ubuntu30.5
released
hardy
dne
dapper
dne
rampart
natty
Fixed 1.3.0-1ubuntu2.1
released
maverick
Fixed 1.3.0-1ubuntu1.1
released
lucid
Fixed 1.3.0-0ubuntu7.1
released
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog