FKIE_CVE-2011-0738

Vulnerability from fkie_nvd - Published: 2011-02-02 01:00 - Updated: 2026-04-29 01:13
Severity
Summary
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
References
cve@mitre.orghttp://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txtVendor Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
cve@mitre.orghttp://lists.globus.org/pipermail/security-announce/2011-January/000018.htmlPatch
cve@mitre.orghttp://osvdb.org/70494
cve@mitre.orghttp://secunia.com/advisories/42972Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/43103Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/45916
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0227
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/64830
af854a3a-2127-422b-91ae-364da2661108http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
af854a3a-2127-422b-91ae-364da2661108http://lists.globus.org/pipermail/security-announce/2011-January/000018.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/70494
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42972Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43103Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45916
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0227
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/64830
Impacted products
Vendor Product Version
ncsa myproxy 5.0
ncsa myproxy 5.1
ncsa myproxy 5.2
globus globus_toolkit 5.0.0
globus globus_toolkit 5.0.1
globus globus_toolkit 5.0.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FADB96A-A9AF-48D7-99AB-FE73A4BD54DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD094F8F-A907-4920-9488-1CDA2F099071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7300CC47-9A4E-45FB-A586-2219E68FC8E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A290F1E-261D-4B41-9D33-A93091BE6E88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55414096-387E-48E7-BB53-80C0ED73708B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59625B10-2AB6-4E37-987B-B420C25C49E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation."
    },
    {
      "lang": "es",
      "value": "MyProxy v5.0 hasta v5.2, tal como se utiliza en Globus Toolkit v5.0.0 hasta v5.0.2, no comprueba correctamente (1) el nombre de host  o (2) la identidad en el certificado X.509 para el myproxy-servidor, lo que permite a atacantes remotos suplantar el servidor y llevar a cabo ataques man-in-the-middle (MITM) a trav\u00e9s de certificados manipulados cuando se ejecuta (a) myproxy-logon o (b) myproxy-get-delegation."
    }
  ],
  "id": "CVE-2011-0738",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-02-02T01:00:06.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/70494"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42972"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45916"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0227"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.