CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2012-4063
https://notcve.org/view.php?id=CVE-2012-4063
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. La configuración de Apache Santuario en Eucalyptus antes de v3.1.1, no restringe la aplicación de transformación XML Signature en documentos, lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.eucalyptus.com/eucalyptus-cloud/security/esa-05 https://exchange.xforce.ibmcloud.com/vulnerabilities/78617 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3240
https://notcve.org/view.php?id=CVE-2012-3240
The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. El servicio Walrus en Eucalyptus v2.0.3 y v3.0.x antes de v3.0.2, permite a atacantes remotos obtener privilegios de administración a través de una petición REST. • http://secunia.com/advisories/49912 http://secunia.com/advisories/49916 http://www.eucalyptus.com/eucalyptus-cloud/security/esa-03 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3241
https://notcve.org/view.php?id=CVE-2012-3241
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. El VMware Broker in Eucalyptus v2.0.3 y v3.0.x anterior a v3.0.2 no verifica correctamente las peticiones SOAP, lo que permite a atacantes remotos ejecutar comandos de la API de VMware Broker. • http://secunia.com/advisories/49912 http://secunia.com/advisories/49916 http://www.eucalyptus.com/eucalyptus-cloud/security/esa-04 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-0730
https://notcve.org/view.php?id=CVE-2011-0730
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue. Eucalyptus antes de v2.0.3 y Eucalyptus EE antes de v2.0.2, tal como se utilizan en Ubuntu Enterprise Cloud (UEC) y otros productos, no interpretan correctamente los elementos firmado en las peticiones SOAP, lo que permite ejecutar comandos arbitrarios a atacantes "man-in-the-middle" mediante la modificación de una solicitud. Modificación relacionada con una "el embalaje de elementos de firma XML" o una "reproducción de firma SOAP". • http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz http://open.eucalyptus.com/wiki/esa-02 http://secunia.com/advisories/44705 http://www.securityfocus.com/bid/48000 http://www.ubuntu.com/usn/USN-1137-1 https://bugs.launchpad.net/bugs/746101 https://exchange.xforce.ibmcloud.com/vulnerabilities/67670 https://launchpad.net/ubuntu/+source/eucalyptus/+changelog • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2010-3905
https://notcve.org/view.php?id=CVE-2010-3905
The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. La característica de borrado de password en la interfaz de administrador para Eucalyptus v2.0.0 y v2.0.1 no realiza la autenticación, lo que permite a atacantes remotos obtener privilegios por envío de peticiones de borrado de password para otros usuarios. • http://open.eucalyptus.com/wiki/esa-01 http://secunia.com/advisories/42632 http://secunia.com/advisories/42666 http://www.securityfocus.com/bid/45462 http://www.ubuntu.com/usn/USN-1033-1 http://www.vupen.com/english/advisories/2010/3259 http://www.vupen.com/english/advisories/2010/3260 https://exchange.xforce.ibmcloud.com/vulnerabilities/64167 • CWE-287: Improper Authentication •