First published: Mon Oct 01 2012(Updated: )
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus service via a crafted message, as demonstrated by changes to a volume, snapshot, or cloud configuration setting.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eucalyptus Eucalyptus | <=3.1.0 | |
Eucalyptus Eucalyptus | =1.0 | |
Eucalyptus Eucalyptus | =1.1 | |
Eucalyptus Eucalyptus | =1.2 | |
Eucalyptus Eucalyptus | =1.3 | |
Eucalyptus Eucalyptus | =1.4 | |
Eucalyptus Eucalyptus | =1.5.1 | |
Eucalyptus Eucalyptus | =1.5.2 | |
Eucalyptus Eucalyptus | =1.6 | |
Eucalyptus Eucalyptus | =1.6.2 | |
Eucalyptus Eucalyptus | =2.0 | |
Eucalyptus Eucalyptus | =2.0.0 | |
Eucalyptus Eucalyptus | =2.0.1 | |
Eucalyptus Eucalyptus | =2.0.2 | |
Eucalyptus Eucalyptus | =2.0.3 | |
Eucalyptus Eucalyptus | =3.0 | |
Eucalyptus Eucalyptus | =3.0.1 | |
Eucalyptus Eucalyptus | =3.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.