Virtualization Technology News and Information
VMware ESX Server "Expect" Header Handling Cross Site Scripting Vulnerability

A vulnerability has been identified in VMware ESX Server, which could be exploited by attackers to execute arbitrary scripting code. For additional information, see: FrSIRT/ADV-2006-2963

Advisory ID : FrSIRT/ADV-2006-5089
CVE ID : CVE-2006-3918
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20

Affected Products

VMware ESX Server versions 3.0.x
VMware ESX Server versions 2.5.x
VMware ESX Server versions 2.1.x
VMware ESX Server versions 2.0.x

Solution

A fix for this issue will be included in upcoming patch releases for ESX Server.

The FrSIRT is not aware of any officially supplied patch for this issue.

Published Wednesday, December 20, 2006 7:02 AM by David Marshall