CVE-2011-0730

critical

Description

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

References

https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

https://exchange.xforce.ibmcloud.com/vulnerabilities/67670

https://bugs.launchpad.net/bugs/746101

http://www.ubuntu.com/usn/USN-1137-1

http://www.securityfocus.com/bid/48000

http://secunia.com/advisories/44705

http://open.eucalyptus.com/wiki/esa-02

http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz

Details

Source: Mitre, NVD

Published: 2011-06-02

Updated: 2018-11-29

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical