VMware ESX Server Multiple Vulnerabilities
Last Update Date:
19 Nov 2012 10:44
Release Date:
19 Nov 2012
4739
Views
RISK: Medium Risk
TYPE: Operating Systems - VM Ware
Multiple vulnerabilities have been identified in VMware ESX Server, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and cause a DoS (Denial of Service).
- An error within the vSphere API can be exploited to cause a crash.
- Some vulnerabilities exist in the bundled vulnerable version of bind.
- Some vulnerabilities exist in the bundled vulnerable version of python.
- Some vulnerabilities exist in the bundled vulnerable version of expat.
- A vulnerability exists in the bundled vulnerable version of nspr and nss.
Impact
- Cross-Site Scripting
- Denial of Service
- Information Disclosure
- Spoofing
System / Technologies affected
- VMware ESX Server 4.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply patches
Vulnerability Identifier
- CVE-2011-4940
- CVE-2011-4944
- CVE-2012-0876
- CVE-2012-1033
- CVE-2012-1148
- CVE-2012-1150
- CVE-2012-1667
- CVE-2012-2615
- CVE-2012-3817
- CVE-2012-5703
Source
Related Link
Share with