Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Eucalyptus SOAP接口远程任意命令注入漏洞
Vulnerability Description
Eucalyptus是美国加利福尼亚大学Santa Barbara计算机科学院的一个研究项目,它是一个用于实现云计算的开源软件基础设施,也是Amazon EC2(亚马逊弹性计算云)的一个开源实现。 在Ubuntu Enterprise Cloud(UEC)及其他产品中使用的Eucalyptus 2.0.3之前版本以及Eucalyptus EE 2.0.2之前版本的SOAP接口没有充分验证用户提供的数据。中间人攻击者可以通过修改请求执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A