Source: nessus
This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
Plugin file: VMWARE_VCENTER_SERVER_APPLIANCE_VMSA-2014-0012.NASL
Published: Dec 12, 2014 - 12:00 a.m.

VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)

2014-12-12 00:00:00
This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
www.tenable.com

The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in the execution of arbitrary script code.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits before any
# of the check logic further down runs.
if (description)
{
  script_id(79863);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/26 15:14:18");

  # Advisory cross-references for the single issue this plugin reports.
  script_cve_id("CVE-2014-3797");
  script_bugtraq_id(71492);
  script_xref(name:"VMSA", value:"2014-0012");

  script_name(english:"VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)");
  script_summary(english:"Checks the version of VMware vCenter Server Appliance.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization appliance installed that is
affected by a cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of VMware vCenter Server Appliance installed on the remote
host is 5.1 prior to Update 3. It is, therefore, affected by an
unspecified cross-site scripting vulnerability. A remote attacker can
exploit this by means of a specially crafted URL or malicious web
page, which can result in the execution of arbitrary script code.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0012.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to VMware vCenter Server Appliance 5.1 Update 3 or later.");
  # CVSS v2 base: network vector, medium access complexity, no
  # authentication, partial integrity impact, no confidentiality or
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  # CVSS v2 temporal: exploitability unproven, official fix available,
  # report confirmed. Matches the two exploit attributes that follow.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # 79 is the cross-site scripting entry. The other ids appear to be broader
  # parent, category and view entries.
  # NOTE(review): confirm before relying on them for triage or reporting.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/12");

  # "local": the verdict is derived from version data already stored in the
  # knowledge base (see the required keys below), not from probing the web
  # interface for the XSS itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_server_appliance");
  script_end_attributes();

  # Information-gathering category: the check does not attempt exploitation.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");

  # The Version and Build keys are expected to come from the SSH-based host
  # information plugin. If they are absent (for example, a scan without
  # working SSH credentials) this plugin produces no result, so a missing
  # finding is not evidence that the appliance is patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/VMware vCenter Server Appliance/Version", "Host/VMware vCenter Server Appliance/Build");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

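# Version and build are read from the scan knowledge base; the plugin stops
# here if either key is missing.
version = get_kb_item_or_exit("Host/VMware vCenter Server Appliance/Version");
build   = get_kb_item_or_exit("Host/VMware vCenter Server Appliance/Build");

# Only the 5.1.0 release line is evaluated by this check.
if (version != "5.1.0")
  audit(AUDIT_NOT_INST, "VMware vCenter Server Appliance 5.1.x");

# int() turns a string that does not start with digits into 0, which would
# compare as older than any fixed build and raise a false positive. Stop
# with an error instead of deciding on a build value that is not purely
# numeric, so the parsing problem is visible to the operator.
if (string(build) !~ "^[0-9]+$")
  exit(1, "Failed to parse the VMware vCenter Server Appliance build number ('" + build + "').");

fixed_main_ver = "5.1.0";
# First build treated as fixed; the plugin's solution text names
# 5.1 Update 3 as the remediation.
fixed_build = 2308385;

if (int(build) < fixed_build)
{
  # Record in the knowledge base that an XSS issue was reported for this
  # host (port 0, since the check is not tied to a probed web port).
  set_kb_item(name:"www/0/XSS", value:TRUE);

  if (report_verbosity > 0)
  {
    # Show installed and fixed builds side by side so the finding can be
    # verified against the appliance without re-running the scan.
    report =
      '\n  Installed version : ' + version + ' Build ' + build +
      '\n  Fixed version     : ' + fixed_main_ver + ' Build ' + fixed_build +
      '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Server Appliance', version + ' Build ' + build);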
Vendor | Product | Version | CPE
vmware | vcenter_server_appliance | | cpe:/a:vmware:vcenter_server_appliance