Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2007-04-05 |
| Product | Esx Server | Last view | 2010-04-01 |
| Version | 3.0.0 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2010-04-01 | CVE-2010-1137 | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine. |
| 7.5 | 2010-04-01 | CVE-2010-0686 | WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." |
| 4.3 | 2010-04-01 | CVE-2009-2277 | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." |
| 4.3 | 2009-12-16 | CVE-2009-3731 | Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 7.2 | 2008-06-05 | CVE-2008-2100 | Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
| 6.9 | 2008-06-05 | CVE-2008-0967 | Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. |
| 4.4 | 2008-06-05 | CVE-2007-5671 | HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. |
| 5 | 2007-04-05 | CVE-2007-1270 | Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 42% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 28% (2) | CWE-20 | Improper Input Validation |
| 14% (1) | CWE-189 | Numeric Errors |
| 14% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5463 | VMware ESX server double free vulnerability may let remote users execute arbi... |
| oval:org.mitre.oval:def:5688 | VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain ... |
| oval:org.mitre.oval:def:5358 | VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain ... |
| oval:org.mitre.oval:def:5583 | VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Pri... |
| oval:org.mitre.oval:def:4768 | VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Pri... |
| oval:org.mitre.oval:def:5647 | VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code |
| oval:org.mitre.oval:def:5081 | VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code |
| oval:org.mitre.oval:def:5944 | VMware vCenter, ESX patch and vCenter Lab Manager cross-site scripting issues |
| oval:org.mitre.oval:def:7080 | WebAccess Context Data Cross-site Scripting Vulnerability |
| oval:org.mitre.oval:def:6863 | WebAccess Virtual Machine Name Cross-site Scripting Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 63513 | VMware Multiple Products WebAccess URL Forwarding Request Origin Spoofing Wea... |
| 63512 | VMware Multiple Products WebAccess Context Data XSS |
| 63319 | VMware Server Console Virtual Machine Name XSS |
| 62742 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/bookmark.htm Unspecifi... |
| 62741 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/scripts/switch.js Unspecifi... |
| 62740 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/frameset.htm Unspecifi... |
| 62739 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/api.htm Unspecified Parameter XSS |
| 62738 | CA SiteMinder WebWorks Help wwhelp_entry.html Unspecified Parameter XSS |
| 61308 | VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/book... |
| 61307 | VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/scripts/s... |
| 61306 | VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/common/html/fram... |
| 61305 | VMware vCenter Lab Manager WebWorks Help Page wwhelp/wwhimpl/api.htm XSS |
| 61049 | VMware vCenter Lab Manager WebWorks Help Page wwhelp_entry.html XSS |
| 46205 | VMware Multiple Products HGFS.sys user-mode METHOD_NEITHER IOCTLs Local Privi... |
| 46204 | VMware Multiple Products vmware-authd Search Path Subversion Local Privilege ... |
| 46203 | VMware Multiple Products VIX API Unspecified VM Host Arbitrary Code Execution |
| 35268 | VMware ESX Server Double-free Unspecified Issue |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
| 2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Linux) File : nvt/gb_vmware_server_webaccess_mult_vuln_lin.nasl |
| 2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Win) File : nvt/gb_vmware_server_webaccess_mult_vuln_win.nasl |
| 2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Linux) File : nvt/gb_vmware_server_webaccess_xss_vuln_lin.nasl |
| 2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Win) File : nvt/gb_vmware_server_webaccess_xss_vuln_win.nasl |
| 2009-12-21 | Name : VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux) File : nvt/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl |
| 2009-12-21 | Name : VMware Server Multiple Cross-Site Scripting Vulnerabilities (Win) File : nvt/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl |
| 2008-09-29 | Name : VMware VIX API Multiple Buffer Overflow Vulnerabilities (Win) File : nvt/gb_vmware_prdts_vix_api_mult_vuln.nasl |
| 2008-09-26 | Name : VMware Product(s) Local Privilege Escalation Vulnerability File : nvt/gb_vmware_prdts_prv_esc_vuln.nasl |
| 2008-09-26 | Name : VMware Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_tools_local_prv_esc_vuln_lin.nasl |
| 2008-09-26 | Name : VMware Tools Local Privilege Escalation Vulnerability (Win) File : nvt/gb_vmware_tools_local_prv_esc_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-B-0028 | Multiple Vulnerabilities in VMware WebAccess Severity: Category II - VMSKEY: V0023906 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0017_remote.nasl - Type: ACT_GATHER_INFO |
| 2012-10-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201209-25.nasl - Type: ACT_GATHER_INFO |
| 2011-02-17 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2009-0017.nasl - Type: ACT_GATHER_INFO |
| 2010-04-05 | Name: An application hosted on the remote web server has a cross-site scripting vul... File: vmware_info_leak_vmsa_2010_0005.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO |
| 2008-06-09 | Name: The remote Windows host has an application that is affected by multiple issues. File: vmware_multiple_vmsa_2008_0009.nasl - Type: ACT_GATHER_INFO |
| 2008-06-09 | Name: The remote host contains an application that is affected by multiple buffer o... File: vmware_vix_api_buffer_overflow.nasl - Type: ACT_GATHER_INFO |
