Vulnerability Details : CVE-2011-0738
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2011-0738
Probability of exploitation activity in the next 30 days: 0.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %
CVSS scores for CVE-2011-0738
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2011-0738
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0738
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
  [SECURITY] Fedora 13 Update: myproxy-5.3-1.fc13
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
  [SECURITY] Fedora 14 Update: myproxy-5.3-1.fc14
- http://lists.globus.org/pipermail/security-announce/2011-January/000018.html
  Patch
- http://www.vupen.com/english/advisories/2011/0227
  Webmail | OVH- OVH
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64830
  MyProxy SSL spoofing CVE-2011-0738 Vulnerability Report
- http://www.securityfocus.com/bid/45916
  MyProxy SSL Certificate Validation Security Bypass Vulnerability
- http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt
  Vendor Advisory
Products affected by CVE-2011-0738
- cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*