Lucene search
+L

VMware ESXi product updates to third party libraries (VMSA-2014-0008)

🗓️ 11 Sep 2014 00:00:00Reported by Copyright (C) 2014 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 34 Views

VMware ESXi product updates to third party libraries (VMSA-2014-0008

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Improper Input Validation in Apache Tomcat
18 Jan 202617:56
githubexploit
IBM Security Bulletins
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0114)
16 Jun 201813:06
ibm
IBM Security Bulletins
Security Bulletin: Rational Insight - Apache Struts used by WebSphere Application Server 6.1 and 7 (CVE-2014-0114)
17 Jun 201804:54
ibm
IBM Security Bulletins
Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)
15 Jun 201807:00
ibm
IBM Security Bulletins
Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server (CVE-2014-0114) Does Not Affect IBM Security Key Lifecycle Manager
20 Jul 201814:15
ibm
IBM Security Bulletins
Security Bulletin: Remediation of Multiple Apache Struts 1.1 Vulnerabilities in IBM Library Support for Struts
16 Jan 202609:15
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Rational ClearCase
10 Jul 201808:34
ibm
IBM Security Bulletins
Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114
15 Jun 201807:00
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerability exists in the open source library Apache Commons FileUpload that is shipped with and used by IBM Emptoris S
2 Nov 202019:23
ibm
IBM Security Bulletins
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Web Interface for Content Management (WEBi)
17 Jun 201812:07
ibm
Rows per page
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105086");
  script_cve_id("CVE-2014-0114", "CVE-2013-4590", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-0242", "CVE-2013-1914");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_version("2026-04-28T06:28:06+0000");
  script_name("VMware ESXi product updates to third party libraries (VMSA-2014-0008)");

  script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2014-0008.html");

  script_tag(name:"vuldetect", value:"Checks if the target host is missing one or more patch(es).");

  script_tag(name:"insight", value:"a. vCenter Server Apache Struts Update

  The Apache Struts library is updated to address a security issue.
  This issue may lead to remote code execution after authentication.

  b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates

  tc-server has been updated to version 2.9.5 to address multiple security issues.
  This version of tc-server includes Apache Tomcat 7.0.52.

  c. Update to ESXi glibc package

  glibc is updated to address multiple security issues.

  d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

  Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0
  update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014");

  script_tag(name:"solution", value:"Apply the missing patch(es).");

  script_tag(name:"summary", value:"VMware has updated vSphere third party libraries.");

  script_tag(name:"affected", value:"VMware ESXi 5.5 without patch ESXi550-201409101-SG.");

  script_tag(name:"last_modification", value:"2026-04-28 06:28:06 +0000 (Tue, 28 Apr 2026)");
  script_tag(name:"creation_date", value:"2014-09-11 11:04:01 +0100 (Thu, 11 Sep 2014)");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_family("VMware Local Security Checks");
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_dependencies("gb_vmware_esxi_init.nasl");
  script_mandatory_keys("VMware/ESXi/LSC", "VMware/ESX/version");

  exit(0);
}

include("vmware_esx.inc");
include("version_func.inc");

if(!get_kb_item("VMware/ESXi/LSC"))
  exit(0);

if(!esxVersion = get_kb_item("VMware/ESX/version"))
  exit(0);

patches = make_array("5.5.0", "VIB:esx-base:5.5.0-2.33.2068190",
                     "5.1.0", "VIB:esx-base:5.1.0-2.47.2323231");

if(!patches[esxVersion])
  exit(99);

if(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation