Computer Security
[EN] securityvulns.ru no-pyccku


VMWare ESX Server crossite scripting and password leak
updated since 02.06.2006
Published:02.08.2006
Source:
SecurityVulns ID:6212
Type:remote
Threat Level:
6/10
Description:Management Interface crossite scripting. Additionally, cleartext password is contained in session cookie and server log files.
Affected:VMWARE : VMware ESX Server 2.0
 VMWARE : VMware ESX Server 2.1
 VMWARE : VMware ESX Server 2.5
Original documentdocumentVMWARE, VMSA-2006-0004 Cross site scripting vulnerability and other fixes (02.08.2006)
 documentadvisories, Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue (02.08.2006)
 documentadvisories, Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue (02.08.2006)
 documentadvisories, Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue (02.08.2006)
 documentVMWARE, VMSA-2006-0002 - VMware Server sensitive information lifetime issue (03.06.2006)
 documentadvisories, Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue (02.06.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod