Vulnerabilities > Eucalyptus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-17 | CVE-2012-4067 | Resource Management Errors vulnerability in Eucalyptus Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request. | 4.3 |
| 2013-03-08 | CVE-2012-4066 | Improper Authentication vulnerability in Eucalyptus The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. | 5.0 |
| 2012-10-01 | CVE-2012-4064 | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id. | 6.5 |
| 2012-10-01 | CVE-2012-4063 | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
| 2011-06-02 | CVE-2011-0730 | Improper Input Validation vulnerability in multiple products Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue. | 6.5 |