CVE-2011-0738

medium

Description

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64830

http://www.vupen.com/english/advisories/2011/0227

http://www.securityfocus.com/bid/45916

http://secunia.com/advisories/43103

http://secunia.com/advisories/42972

http://osvdb.org/70494

http://lists.globus.org/pipermail/security-announce/2011-January/000018.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html

http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt

Details

Source: Mitre, NVD

Published: 2011-02-02

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium