Home > Vulnerability Database > CVE-2011-0730

Mend.io Vulnerability Database

CVE-2011-0730

Date: June 2, 2011

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

Severity Score

6.1

Related Resources (10)

Url: https://bugs.launchpad.net/bugs/746101

Url: http://open.eucalyptus.com/wiki/esa-02

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0730

Url: http://www.ubuntu.com/usn/USN-1137-1

Url: http://secunia.com/advisories/44705

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/67670

Url: https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

Url: http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz

Url: http://www.securityfocus.com/bid/48000

Url: https://www.mend.io/vulnerability-database/CVE-2011-0730

Severity Score

6.1

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0730

Date: June 2, 2011

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?