CVE-2011-0738

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*
OR cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-02-02 01:00

Updated : 2024-02-04 17:54


NVD link : CVE-2011-0738

Mitre link : CVE-2011-0738

CVE.ORG link : CVE-2011-0738


JSON object : View

Products Affected

globus

  • globus_toolkit

ncsa

  • myproxy
CWE
CWE-20

Improper Input Validation