Executive Summary
Summary | |
---|---|
Title | VMware products address vulnerabilities in WebAccess |
Information | |||
---|---|---|---|
Name | VMSA-2010-0005 | First vendor Publication | 2010-03-29 |
Vendor | VMware | Last vendor Modification | 2010-03-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. WebAccess Context Data Cross-site Scripting Vulnerability

A cross-site scripting vulnerability in WebAccess allows for disclosure of sensitive information. The flaw is due to insufficient verification of certain parameters which may lead to redirection of a user's requests. This vulnerability can only be exploited if the attacker tricks the WebAccess user into clicking a malicious link and the attacker has control of a server on the same network as the system where WebAccess is being used.

Workaround

By switching off WebAccess the issue can no longer be exploited. This can be accomplished on affected versions of Virtual Center and ESX as follows:

Virtual Center 2.0.2 and Virtual Center 2.5: Go to the Windows Services overview on the system that runs Virtual Center.

To stop WebAccess without a reboot: Change the status of the VMware Infrastructure Web Access service to stop

To prevent WebAccess from starting after the next reboot: Change the startup type of the VMware Infrastructure Web Access service to disabled

ESX 3.0.3 and ESX 3.5: Open a root shell on ESX.

To stop WebAccess without a reboot:

    service vmware-webAccess stop

To prevent WebAccess from starting after the next reboot:

    chkconfig vmware-webAccess off

VMware would like to thank David Byrne and Tom Leavey of Trustwave's SpiderLabs for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2277 to this issue.

b. WebAccess Virtual Machine Name Cross-site Scripting Vulnerability

A cross-site scripting vulnerability allows for execution of JavaScript in the Web browser's security context for WebAccess. The flaw is due to insufficient checking on the names of virtual machines. In order to exploit the issue, the attacker must have control over the naming of a virtual machine and must have the user list this Virtual Machine in WebAccess.

Workaround

By switching off WebAccess the issue can no longer be exploited. See section 3.a on how this can be accomplished.

VMware would like to thank Craig Marshall of Ernst and Young Advanced Security Center for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1137 to this issue.

c. WebAccess URL Forwarding Vulnerability

The WebAccess component doesn't sufficiently validate user supplied input and allows for forwarding of an incoming request to another destination. The destination will not be able to see the true origin of the request URL but instead will see the address of the machine that runs WebAccess. An attacker could use the forwarding vulnerability to direct traffic at servers while disguising the source location.

The security issue is limited to URL forwarding. This vulnerability doesn't allow for a so-called cross-site scripting attack and doesn't allow for stealing of the user cookies.

Workaround

By switching off WebAccess the issue can no longer be exploited. See section 3.a on how this can be accomplished.

VMware would like to thank John Fitzpatrick of MWR InfoSecurity for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0686 to this issue.

d. WebAccess JSON Cross-site Scripting Vulnerability

A cross-site scripting vulnerability allows for execution of JavaScript in the Web browser's security context for WebAccess. The flaw is due to incorrect parsing of JSON error messages. This vulnerability can only be exploited if the attacker tricks the WebAccess user into clicking a malicious link.

Workaround

By switching off WebAccess the issue can no longer be exploited. See section 3.a on how this can be accomplished.

VMware would like to thank Nathan Keltner for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1193 to this issue.

Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2010-0005.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6863 | |||
Oval ID: | oval:org.mitre.oval:def:6863 | ||
Title: | WebAccess Virtual Machine Name Cross-site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1137 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7080 | |||
Oval ID: | oval:org.mitre.oval:def:7080 | ||
Title: | WebAccess Context Data Cross-site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2277 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Linux) File : nvt/gb_vmware_server_webaccess_mult_vuln_lin.nasl |
2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Win) File : nvt/gb_vmware_server_webaccess_mult_vuln_win.nasl |
2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Linux) File : nvt/gb_vmware_server_webaccess_xss_vuln_lin.nasl |
2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Win) File : nvt/gb_vmware_server_webaccess_xss_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63515 | VMware Server WebAccess JSON Error Message XSS |
63513 | VMware Multiple Products WebAccess URL Forwarding Request Origin Spoofing Wea... When logging into WebAccess an IP address is passed to the application. Changing this allows for a subsequent request to be forwarded to an arbitrary host. Using CRLF injection it is also possible to control the content of the HTTP request which is forwarded. This can allow arbitrary requests to be made to systems on networks which are not, by default, accessible - such as vmkernel and other networks which it is recommended access is restricted to for security reasons. |
63512 | VMware Multiple Products WebAccess Context Data XSS |
63319 | VMware Server Console Virtual Machine Name XSS VMware WebAccess contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the virtual machine name in the machines listing. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-04-08 | IAVM : 2010-B-0028 - Multiple Vulnerabilities in VMware WebAccess Severity : Category II - VMSKEY : V0023906 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-10-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO |
2010-04-05 | Name : An application hosted on the remote web server has a cross-site scripting vul... File : vmware_info_leak_vmsa_2010_0005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:07:15 | |
2013-12-14 21:19:31 | |
2013-11-11 12:41:38 | |