PRIOn knowledge basePRION:CVE-2011-0730Cross site request forgery (csrf)
7.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.7%
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an “XML Signature Element Wrapping” or a “SOAP signature replay” issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 10.10 | |
| ubuntu_linux | eq | 11.04 | |
| ubuntu_linux | eq | 10.04 | |
| eucalyptus | lt | 2.0.3 | |
| eucalyptus | lt | 2.0.2 |
References
launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
open.eucalyptus.com/wiki/esa-02
secunia.com/advisories/44705
www.securityfocus.com/bid/48000
www.ubuntu.com/usn/USN-1137-1
bugs.launchpad.net/bugs/746101
exchange.xforce.ibmcloud.com/vulnerabilities/67670
launchpad.net/ubuntu/+source/eucalyptus/+changelog
Related
7.5 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.7%