Executive Summary
Summary | |
---|---|
Title | VMware vCenter Chargeback Manager Remote Code Execution |
Information | |||
---|---|---|---|
Name | VMSA-2013-0008 | First vendor Publication | 2013-06-11 |
Vendor | VMware | Last vendor Modification | 2013-06-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. vCenter Chargeback Manager Remote Code Execution. The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely. VMware would like to thank Andrea Micalizzi, aka rgod, for reporting this issue to us through HP's Zero Day Initiative (ZDI). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3520 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2013-0008.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-06-22 | VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file uploa... RuleID : 38965 - Revision : 3 - Type : SERVER-WEBAPP |
2016-06-22 | VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file uploa... RuleID : 38964 - Revision : 3 - Type : POLICY-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0008.nasl - Type : ACT_GATHER_INFO |
2013-06-14 | Name : The remote Windows host has an application installed that is potentially affe... File : vmware_vcenter_chargeback_manager_251.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-11-27 13:28:44 | |
2014-02-17 12:07:27 | |
2013-09-09 21:21:04 | |