Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в WebAccess продуктов VMWare
Опубликовано:31 марта 2010 г.
Источник:
SecurityVulns ID:10735
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости межсайтового скриптинга.
Затронутые продукты:VMWARE : VMware Server 1.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Server 2.0
 VMWARE : Virtual Center 2.5
 VMWARE : Virtual Center 2.0
CVE:CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.)
 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.)
 CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability.")
 CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data.")
Оригинальный текстdocumentTrustwave Advisories, Trustwave's SpiderLabs Security Advisory TWSL2010-002 (31.03.2010)
 documentVMWARE, VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (31.03.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород