Executive Summary
Summary | |
---|---|
Title | - VMware product updates address information disclosure issue |
Information | |||
---|---|---|---|
Name | VMSA-2015-0008 | First vendor Publication | 2015-11-18 |
Vendor | VMware | Last vendor Modification | 2015-12-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
a. vCenter Server, vCloud Director, Horizon View information disclosure issue.

VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information being disclosed.

VMware would like to thank Matthias Kaiser of Code White GmbH for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3269 to this issue.

The product updates listed in the table below have also been determined to address an XML External Entity (XXE) Processing and Server Side Request Forgery vulnerability in Flex BlazeDS.

VMware would like to thank James Kettle of PortSwigger Web Security for reporting these issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-5255 to these issues.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2015-0008.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-200 | Information Exposure |
50 % | CWE-20 | Improper Input Validation |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-03 | IAVM : 2015-A-0205 - Adobe Cold Fusion Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0061363 |
2015-08-20 | IAVM : 2015-B-0102 - Adobe LiveCycle Data Services Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0061331 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-09 | Name : The remote host is affected by an external entity injection vulnerability. File : hp_operations_manager_i_hpsbgn03550.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0008.nasl - Type : ACT_GATHER_INFO |
2015-11-19 | Name : A web-based application running on the remote Windows host is affected by mul... File : coldfusion_win_apsb15-29.nasl - Type : ACT_GATHER_INFO |
2015-09-03 | Name : A web-based application running on the remote Windows host is affected by an ... File : coldfusion_win_apsb15-21.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-12-23 13:26:08 | |
2015-12-19 00:22:50 | |
2015-12-05 13:28:37 | |
2015-11-19 05:21:52 | |