CVE-2011-0730

Eucalyptus < 2.0.3 - Remote Code Execution via SOAP Request Signature Replay

Title source: llm
STIX 2.1

Description

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

References (8)

Core 8
Core References
Vendor Advisory x_refsource_confirm
http://open.eucalyptus.com/wiki/esa-02
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44705
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1137-1
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/bugs/746101
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48000
Patch, Third Party Advisory x_refsource_confirm
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

Scores

EPSS 0.0217
EPSS Percentile 80.2%

Details

CWE
CWE-20
Status published
Products (5)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
eucalyptus/eucalyptus < 2.0.2
eucalyptus/eucalyptus < 2.0.3
Published Jun 02, 2011
Tracked Since Feb 18, 2026