ID VMWARE_VCENTER_UPDATE_MGR_DETECT.NASL Type nessus Reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-02-02T00:00:00
Description
VMware vCenter Update Manager (also known as vSphere Update Manager)
was detected on the remote host. This application is used to manage
patches on vSphere hosts.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(56957);
script_version("1.5");
script_cvs_date("Date: 2019/11/22");
script_name(english:"VMware vCenter Update Manager Detection");
script_summary(english:"Check for health.xml");
script_set_attribute(attribute:"synopsis", value:"A patch management application was detected on the remote host.");
script_set_attribute(
attribute:"description",
value:
"VMware vCenter Update Manager (also known as vSphere Update Manager)
was detected on the remote host. This application is used to manage
patches on vSphere hosts."
);
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/products.html");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/28");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_update_manager");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_require_ports("Services/www", 9084);
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/jetty");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:9084);
banner = get_http_banner(port:port, exit_on_fail:TRUE);
if ('Jetty' >!< banner)
exit(0, 'The web server on port ' + port + ' doesn\'t appear to be Jetty (used by VUM).');
dir = '';
url = dir + '/vci/downloads/health.xml';
res = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);
if ('<name>VMware Update Manager</name>' >!< res[2])
exit(0, 'VMware vCenter Update Manager doesn\'t appear to be on port ' + port + '.');
install = add_install(appname:'vcenter_update_mgr', port:port, dir:dir, cpe: "cpe:/a:vmware:vcenter_update_manager");
if (report_verbosity > 0)
{
report = get_install_report(
display_name:'VMware vCenter Update Manager',
installs:install,
port:port,
item:url
);
security_note(port:port, extra:report);
}
else security_note(port);
{"id": "VMWARE_VCENTER_UPDATE_MGR_DETECT.NASL", "bulletinFamily": "scanner", "title": "VMware vCenter Update Manager Detection", "description": "VMware vCenter Update Manager (also known as vSphere Update Manager)\nwas detected on the remote host. This application is used to manage\npatches on vSphere hosts.", "published": "2011-11-28T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/56957", "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.vmware.com/products.html"], "cvelist": [], "type": "nessus", "lastseen": "2021-02-01T07:39:15", "edition": 23, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["VMWARE_VCENTER_UPDATE_MGR_VMSA-2011-0014.NASL"]}], "modified": "2021-02-01T07:39:15", "rev": 2}, "score": {"value": -0.1, "vector": "NONE", "modified": "2021-02-01T07:39:15", "rev": 2}, "vulnersScore": -0.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56957);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"VMware vCenter Update Manager Detection\");\n script_summary(english:\"Check for health.xml\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"A patch management application was detected on the remote host.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"VMware vCenter Update Manager (also known as vSphere Update Manager)\nwas detected on the remote host. This application is used to manage\npatches on vSphere hosts.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/products.html\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_update_manager\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_require_ports(\"Services/www\", 9084);\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/jetty\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:9084);\nbanner = get_http_banner(port:port, exit_on_fail:TRUE);\n\nif ('Jetty' >!< banner)\n exit(0, 'The web server on port ' + port + ' doesn\\'t appear to be Jetty (used by VUM).');\n\ndir = '';\nurl = dir + '/vci/downloads/health.xml';\nres = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n\nif ('<name>VMware Update Manager</name>' >!< res[2])\n exit(0, 'VMware vCenter Update Manager doesn\\'t appear to be on port ' + port + '.');\n\ninstall = add_install(appname:'vcenter_update_mgr', port:port, dir:dir, cpe: \"cpe:/a:vmware:vcenter_update_manager\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name:'VMware vCenter Update Manager',\n installs:install,\n port:port,\n item:url\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n\n", "naslFamily": "CGI abuses", "pluginID": "56957", "cpe": ["cpe:/a:vmware:vcenter_update_manager"], "scheme": null}
{"nessus": [{"lastseen": "2021-01-20T15:48:09", "description": "The version of Jetty web server included with VMware vCenter Update\nManager on the remote host has a directory traversal vulnerability.\nThis is a variant of the issue previously addressed by VMware advisory\nVMSA-2010-0012.\n\nThe web server runs as SYSTEM by default. A remote, unauthenticated\nattacker could exploit this to read arbitrary files from the host.", "edition": 25, "published": "2011-11-28T00:00:00", "title": "VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4404"], "modified": "2011-11-28T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_update_manager"], "id": "VMWARE_VCENTER_UPDATE_MGR_VMSA-2011-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/56958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\n\nif (description)\n{\n script_id(56958);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4404\");\n script_bugtraq_id(50723);\n script_xref(name:\"VMSA\", value:\"2011-0014\");\n script_xref(name:\"EDB-ID\", value:\"18138\");\n\n script_name(english:\"VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)\");\n script_summary(english:\"Attempts a directory traversal\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"An application on the remote web server has a directory traversal\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Jetty web server included with VMware vCenter Update\nManager on the remote host has a directory traversal vulnerability.\nThis is a variant of the issue previously addressed by VMware advisory\nVMSA-2010-0012.\n\nThe web server runs as SYSTEM by default. A remote, unauthenticated\nattacker could exploit this to read arbitrary files from the host.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20160412032437/http://dsecrg.com/pages/vul/show.php?id=342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0014.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to vCenter Update Manager 4.1 Update 2 / 4.0 Update 4 or\nlater.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_update_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n\n script_require_ports(\"Services/www\", 9084);\n script_dependencies(\"vmware_vcenter_update_mgr_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/vcenter_update_mgr\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:9084);\ninstall = get_install_from_kb(appname:'vcenter_update_mgr', port:port, exit_on_fail:TRUE);\n\ndir = install['dir'];\nfile = \"..\\..\\..\\jetty\\VERSION.txt\";\nurl = dir + \"/vci/downloads/.\\\" + file;\nres = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n\nmatch = eregmatch(string:res[2], pattern:'^(jetty-[0-9.]+)');\nif (isnull(match)) exit(0, 'The VUM install on port ' + port + ' is not affected.');\n\nif (report_verbosity > 0)\n{\n report =\n '\\nNessus obtained the web server version :\\n' +\n '\\n' + match[1] + '\\n' +\n '\\nThis information was obtained via a directory traversal attack' +\n '\\nby making the following request :\\n' +\n '\\n' + chomp(http_last_sent_request()) + '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}
