Информационная безопасность
[RU] switch to English


Уязвимости безопасности в VMWare vCenter Server / vSphere Client
Опубликовано:8 мая 2011 г.
Источник:
SecurityVulns ID:11658
Тип:удаленная
Уровень опасности:
5/10
Описание:Обратный путь в каталогах, утечка информации.
Затронутые продукты:VMWARE : ESX 4.0
 VMWARE : ESX 4.1
 VMWARE : vCenter Server 4.0
 VMWARE : vCenter Server 4.1
CVE:CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.)
 CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.)
 CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.)
Оригинальный текстdocumentVMWARE, VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities (08.05.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород