VMware vCenter Server Appliance Directory Traversal Vulnerability
Last Update Date: 24 Dec 2012 11:11
Release Date: 24 Dec 2012
RISK: Medium Risk
TYPE: Operating Systems - VM Ware
Two vulnerabilities have been identified in VMware vCenter Server Appliance, which can be exploited by a remote authenticated user to view files on the target system.
- A remote authenticated user can supply a specially crafted request to retrieve arbitrary files from the target system.
- A remote authenticated user can supply a specially crafted request to exploit an XML parsing flaw to retrieve arbitrary files from the target system.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- vCenter Server Appliance 5.1 prior to vCSA 5.1.0b
- vCenter Server Appliance 5.0 prior to vCSA 5.0 Update 2
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to vCenter Server Appliance 5.1.0b
  https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_1
- Update to vCenter Server Appliance 5.0 Update 2
  https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_0
Vulnerability Identifier
Source
Related Link