Vulnerability Name: | CVE-2011-0730 (CCN-67670)
Assigned: | 2011-05-25
Published: | 2011-05-25
Updated: | 2018-11-29
Summary: | Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2011-0730
Source: CONFIRM Type: Patch, Third Party Advisory http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
Source: CCN Type: ESA-02 SOAP interfaces vulnerable to XML Signature Element Wrapping attacks
Source: CONFIRM Type: Vendor Advisory http://open.eucalyptus.com/wiki/esa-02
Source: SECUNIA Type: Third Party Advisory 44705
Source: CCN Type: OSVDB ID: 73259 Eucalyptus SOAP Request Signed Element MiTM Arbitrary Command Execution
Source: CCN Type: OSVDB ID: 73462 Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
Source: BID Type: Third Party Advisory, VDB Entry 48000
Source: CCN Type: BID-48000 Eucalyptus SOAP Interface Remote Arbitrary Command Injection Vulnerability
Source: UBUNTU Type: Third Party Advisory USN-1137-1
Source: CONFIRM Type: Third Party Advisory https://bugs.launchpad.net/bugs/746101
Source: XF Type: Third Party Advisory, VDB Entry eucalyptus-soap-command-execution(67670)
Source: XF Type: UNKNOWN eucalyptus-soap-command-execution(67670)
Source: CONFIRM Type: Patch, Third Party Advisory https://launchpad.net/ubuntu/+source/eucalyptus/+changelog