WebAccess Vulnerability in VMware Products
CVE-2010-0686

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 1 April 2010

Summary

The WebAccess component in various VMware products contains a vulnerability that allows remote attackers to exploit the proxy-server functionality. By crafting specific requests, an attacker can spoof the origin of these requests, potentially leading to unauthorized access or other malicious activities. The affected versions include VMware VirtualCenter 2.0.2, 2.5, Server 2.0, and ESX versions 3.0.3 and 3.5. Prompt application of the relevant security advisories is recommended to mitigate associated risks.

References

http://www.securityfocus.com/bid/39037

vdb-entryx_refsource_BID

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

http://www.vmware.com/security/advisories/VMSA-2010-0005....

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 1, 2010
Vulnerability Reserved
Feb 22, 2010