CVE-2011-0730
Eucalyptus < 2.0.3 - Remote Code Execution via SOAP Request Signature Replay
Title source: llmDescription
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
http://open.eucalyptus.com/wiki/esa-02
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44705
Patch, Third Party Advisory x_refsource_confirm
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1137-1
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/bugs/746101
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48000
Patch, Third Party Advisory x_refsource_confirm
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog
Scores
EPSS
0.0217
EPSS Percentile
80.2%
Details
CWE
CWE-20
Status
published
Products (5)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
eucalyptus/eucalyptus
< 2.0.2
eucalyptus/eucalyptus
< 2.0.3
Published
Jun 02, 2011
Tracked Since
Feb 18, 2026