CVE-2011-0730

EUVD-2011-0743
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
eucalyptuseucalyptus
𝑥
< 2.0.2
eucalyptuseucalyptus
𝑥
< 2.0.3
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eucalyptus
dapper
dne
hardy
dne
lucid
Fixed 1.6.2-0ubuntu30.5
released
maverick
Fixed 2.0+bzr1241-0ubuntu4.2
released
natty
Fixed 2.0.1+bzr1256-0ubuntu4.1
released
rampart
dapper
dne
hardy
dne
lucid
Fixed 1.3.0-0ubuntu7.1
released
maverick
Fixed 1.3.0-1ubuntu1.1
released
natty
Fixed 1.3.0-1ubuntu2.1
released
Common Weakness Enumeration
References
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog