Unrated severityNVD Advisory· Published Feb 2, 2011· Updated Apr 29, 2026

CVE-2011-0738

Description

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

Affected products

Ncsa/Myproxy3 versions
cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ncsa:myproxy:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ncsa:myproxy:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ncsa:myproxy:5.2:*:*:*:*:*:*:*
Globus/Globus Toolkit3 versions
cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:globus:globus_toolkit:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:globus:globus_toolkit:5.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.globus.org/pipermail/security-announce/2011-January/000018.htmlnvdPatch
grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txtnvdVendor Advisory
secunia.com/advisories/42972nvdVendor Advisory
secunia.com/advisories/43103nvdVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.htmlnvd
osvdb.org/70494nvd
www.securityfocus.com/bid/45916nvd
www.vupen.com/english/advisories/2011/0227nvd
exchange.xforce.ibmcloud.com/vulnerabilities/64830nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000