CVE-2011-0730

Sažetak

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

Reference

http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-11-2018 - 15:49

Objavljeno

02-06-2011 - 19:55