CVE-2011-0730 (GCVE-0-2011-0730)
Vulnerability from cvelistv5 – Published: 2011-06-02 19:00 – Updated: 2024-08-06 22:05
VLAI?
Summary
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:53.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.eucalyptus.com/wiki/esa-02"
},
{
"name": "44705",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"
},
{
"name": "eucalyptus-soap-command-execution(67670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"
},
{
"name": "USN-1137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1137-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/bugs/746101"
},
{
"name": "48000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \"XML Signature Element Wrapping\" or a \"SOAP signature replay\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.eucalyptus.com/wiki/esa-02"
},
{
"name": "44705",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"
},
{
"name": "eucalyptus-soap-command-execution(67670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"
},
{
"name": "USN-1137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1137-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/bugs/746101"
},
{
"name": "48000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2011-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \"XML Signature Element Wrapping\" or a \"SOAP signature replay\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://open.eucalyptus.com/wiki/esa-02",
"refsource": "CONFIRM",
"url": "http://open.eucalyptus.com/wiki/esa-02"
},
{
"name": "44705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44705"
},
{
"name": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz",
"refsource": "CONFIRM",
"url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"
},
{
"name": "eucalyptus-soap-command-execution(67670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"
},
{
"name": "USN-1137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1137-1"
},
{
"name": "https://bugs.launchpad.net/bugs/746101",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/bugs/746101"
},
{
"name": "48000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48000"
},
{
"name": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2011-0730",
"datePublished": "2011-06-02T19:00:00",
"dateReserved": "2011-02-01T00:00:00",
"dateUpdated": "2024-08-06T22:05:53.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"2.0.2\", \"matchCriteriaId\": \"A94FA99D-6188-40C7-AD8E-EC420DADAAFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.3\", \"matchCriteriaId\": \"7CA849DA-7502-4678-AF63-ED646B1A2D13\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87614B58-24AB-49FB-9C84-E8DDBA16353B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF49D26F-142E-468B-87C1-BABEA445255C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \\\"XML Signature Element Wrapping\\\" or a \\\"SOAP signature replay\\\" issue.\"}, {\"lang\": \"es\", \"value\": \"Eucalyptus antes de v2.0.3 y Eucalyptus EE antes de v2.0.2, tal como se utilizan en Ubuntu Enterprise Cloud (UEC) y otros productos, no interpretan correctamente los elementos firmado en las peticiones SOAP, lo que permite ejecutar comandos arbitrarios a atacantes \\\"man-in-the-middle\\\" mediante la modificaci\\u00f3n de una solicitud. Modificaci\\u00f3n relacionada con una \\\"el embalaje de elementos de firma XML\\\" o una \\\"reproducci\\u00f3n de firma SOAP\\\".\"}]",
"id": "CVE-2011-0730",
"lastModified": "2024-11-21T01:24:42.853",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2011-06-02T19:55:03.777",
"references": "[{\"url\": \"http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://open.eucalyptus.com/wiki/esa-02\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44705\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/48000\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1137-1\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/bugs/746101\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67670\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.net/ubuntu/+source/eucalyptus/+changelog\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://open.eucalyptus.com/wiki/esa-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44705\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/48000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-1137-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/bugs/746101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67670\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.net/ubuntu/+source/eucalyptus/+changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-0730\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2011-06-02T19:55:03.777\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \\\"XML Signature Element Wrapping\\\" or a \\\"SOAP signature replay\\\" issue.\"},{\"lang\":\"es\",\"value\":\"Eucalyptus antes de v2.0.3 y Eucalyptus EE antes de v2.0.2, tal como se utilizan en Ubuntu Enterprise Cloud (UEC) y otros productos, no interpretan correctamente los elementos firmado en las peticiones SOAP, lo que permite ejecutar comandos arbitrarios a atacantes \\\"man-in-the-middle\\\" mediante la modificaci\u00f3n de una solicitud. Modificaci\u00f3n relacionada con una \\\"el embalaje de elementos de firma XML\\\" o una \\\"reproducci\u00f3n de firma SOAP\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"2.0.2\",\"matchCriteriaId\":\"A94FA99D-6188-40C7-AD8E-EC420DADAAFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.3\",\"matchCriteriaId\":\"7CA849DA-7502-4678-AF63-ED646B1A2D13\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87614B58-24AB-49FB-9C84-E8DDBA16353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF49D26F-142E-468B-87C1-BABEA445255C\"}]}]}],\"references\":[{\"url\":\"http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://open.eucalyptus.com/wiki/esa-02\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44705\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/48000\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1137-1\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/bugs/746101\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67670\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.net/ubuntu/+source/eucalyptus/+changelog\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://open.eucalyptus.com/wiki/esa-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/48000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1137-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/bugs/746101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.net/ubuntu/+source/eucalyptus/+changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…