Launchpad.net

CVE 2011-0730

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

Related bugs and status

CVE-2011-0730 (Candidate) is related to these bugs:

Bug #746101: SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks

		In	Importance	Status
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	Eucalyptus	Undecided	Fix Released
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	eucalyptus (Ubuntu)	Undecided	Fix Released
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	eucalyptus (Ubuntu Lucid)	Undecided	Fix Released
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	eucalyptus (Ubuntu Maverick)	Undecided	Fix Released
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	eucalyptus (Ubuntu Oneiric)	Undecided	Fix Released
746101	SOAP interfaces are vulnerable to XML Signature Element Wrapping attacks	eucalyptus (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0730

Related bugs and status

Related bugs

References