CVE-2011-0730 — MEDIUM (6.5)

Q: How severe is CVE-2011-0730?

CVE-2011-0730 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0730?

Check the references section above for vendor advisories and patch information. Affected products include: Eucalyptus Eucalyptus, Canonical Ubuntu Linux.

Vulnerability Description

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Eucalyptus	Eucalyptus	< 2.0.2
Canonical	Ubuntu Linux	10.04

Related Weaknesses (CWE)

CWE-20

References

http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1PatchThird Party Advisory
http://open.eucalyptus.com/wiki/esa-02Vendor Advisory
http://secunia.com/advisories/44705Third Party Advisory
http://www.securityfocus.com/bid/48000Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1137-1Third Party Advisory
https://bugs.launchpad.net/bugs/746101Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670Third Party AdvisoryVDB Entry
https://launchpad.net/ubuntu/+source/eucalyptus/+changelogPatchThird Party Advisory
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1PatchThird Party Advisory
http://open.eucalyptus.com/wiki/esa-02Vendor Advisory
http://secunia.com/advisories/44705Third Party Advisory
http://www.securityfocus.com/bid/48000Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1137-1Third Party Advisory
https://bugs.launchpad.net/bugs/746101Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670Third Party AdvisoryVDB Entry

FAQ

What is CVE-2011-0730?

CVE-2011-0730 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the...

How severe is CVE-2011-0730?

CVE-2011-0730 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0730?

Check the references section above for vendor advisories and patch information. Affected products include: Eucalyptus Eucalyptus, Canonical Ubuntu Linux.