CVE-2011-0730

Priority
High
Description
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu
Enterprise Cloud (UEC) and other products, do not properly interpret signed
elements in SOAP requests, which allows man-in-the-middle attackers to
execute arbitrary commands by modifying a request, related to an "XML
Signature Element Wrapping" or a "SOAP signature replay" issue.
References
Bugs
Notes
 jdstrand> aka 'SOAP interfaces vulnerable to XML Signature Element Wrapping
  attacks'
 jdstrand> new rampart version needed to support correct verification of SOAP
  requests from eucalyptus-2.0.3-src-deps.tar.gz
Assigned-to
Daviey
Package
Upstream:released (1.3.0-0euca2)
Package
Upstream:released (2.0.3)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:24 UTC (commit 9756)