Computer Security
[EN] securityvulns.ru no-pyccku


VMWare application WebAccess multiple security vulnerabilities
Published:31.03.2010
Source:
SecurityVulns ID:10735
Type:remote
Threat Level:
5/10
Description:Multiple crossite scripting vulnerabilities.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Server 2.0
 VMWARE : Virtual Center 2.5
 VMWARE : Virtual Center 2.0
CVE:CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.)
 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.)
 CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability.")
 CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data.")
Original documentdocumentTrustwave Advisories, Trustwave's SpiderLabs Security Advisory TWSL2010-002 (31.03.2010)
 documentVMWARE, VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (31.03.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod