Directory Traversal Vulnerability in VMware Server and ESXi Products
CVE-2009-3733

Currently unrated

Key Information:

Vendor: Vmware
Status: Server; Esx; Esxi
Vendor: CVE Published:; 2 November 2009

Summary

A directory traversal vulnerability exists within VMware Server and ESXi products that may allow remote attackers to access arbitrary files on the server. This flaw is exploitable through unspecified vectors and could lead to sensitive data exposure or manipulation. Affected versions include VMware Server 1.x before 1.0.10 build 203137, VMware Server 2.x before 2.0.2 build 203138, and various builds of VMware ESXi and ESX. Users are advised to apply available patches to mitigate the risk.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.vupen.com/english/advisories/2009/3062

vdb-entryx_refsource_VUPEN

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 2, 2009
Vulnerability Reserved
Oct 20, 2009