Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-0686 | First vendor Publication | 2010-04-01 |
Vendor | Cve | Last vendor Modification | 2010-04-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0686 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Linux) File : nvt/gb_vmware_server_webaccess_mult_vuln_lin.nasl |
2010-04-13 | Name : VMware WebAccess Multiple Vulnerabilities (Win) File : nvt/gb_vmware_server_webaccess_mult_vuln_win.nasl |
2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Linux) File : nvt/gb_vmware_server_webaccess_xss_vuln_lin.nasl |
2010-04-13 | Name : VMware WebAccess Cross Site Scripting vulnerability (Win) File : nvt/gb_vmware_server_webaccess_xss_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63513 | VMware Multiple Products WebAccess URL Forwarding Request Origin Spoofing Wea... When logging into WebAccess, an IP address is passed to the application. Changing this value allows a subsequent request to be forwarded to an arbitrary host. Using CRLF injection, it is also possible to control the content of the forwarded HTTP request. This can allow arbitrary requests to be made to systems on networks that are not accessible by default, such as vmkernel and other networks to which access is recommended to be restricted for security reasons. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-04-08 | IAVM : 2010-B-0028 - Multiple Vulnerabilities in VMware WebAccess Severity : Category II - VMSKEY : V0023906 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-04-05 | Name : An application hosted on the remote web server has a cross-site scripting vul... File : vmware_info_leak_vmsa_2010_0005.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Information |
---|---|
2021-05-04 12:11:10 |
2021-04-22 01:11:45 |
2020-05-23 00:25:21 |
2013-11-11 12:38:38 |
2013-05-10 23:18:58 |