Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310105849
HistoryAug 05, 2016 - 12:00 a.m.

VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Local Version Check

2016-08-0500:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
13

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON

ESXi contain an HTTP header injection vulnerability due to lack of input validation.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105849");
  script_cve_id("CVE-2016-5331");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_version("2023-06-28T05:05:21+0000");
  script_name("VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Local Version Check");

  script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2016-0010.html");

  script_tag(name:"vuldetect", value:"Checks if the target host is missing one or more patch(es).");

  script_tag(name:"solution", value:"Apply the missing patch(es).");

  script_tag(name:"summary", value:"ESXi contain an HTTP header injection vulnerability due to lack of input validation.");

  script_tag(name:"impact", value:"An attacker can exploit this issue to set arbitrary HTTP response headers and cookies,
  which may allow for cross-site scripting and malicious redirect attacks.");

  script_tag(name:"affected", value:"ESXi 6.0 without patch ESXi600-201603101-SG.");

  script_tag(name:"last_modification", value:"2023-06-28 05:05:21 +0000 (Wed, 28 Jun 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-09 20:00:00 +0000 (Tue, 09 Oct 2018)");
  script_tag(name:"creation_date", value:"2016-08-05 16:10:53 +0200 (Fri, 05 Aug 2016)");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_family("VMware Local Security Checks");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_vmware_esxi_init.nasl");
  script_mandatory_keys("VMware/ESXi/LSC", "VMware/ESX/version");

  exit(0);
}

include("vmware_esx.inc");
include("version_func.inc");

if(!get_kb_item("VMware/ESXi/LSC"))
  exit(0);

if(!esxVersion = get_kb_item("VMware/ESX/version"))
  exit(0);

patches = make_array("6.0.0", "VIB:esx-base:6.0.0-1.31.3568943");

if(!patches[esxVersion])
  exit(99);

if(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

prion 1
packetstorm 1
openvas 4
ptsecurity 1
nessus 2
cve 1
vmware 2
prion
prion
Crlf injection
2016-08-08 01:59:00
packetstorm
packetstorm
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
2016-08-05 00:00:00
openvas
openvas
VMware Security Updates for vCenter Server (VMSA-2016-0010)
2016-08-05 00:00:00
VMware ESXi Multiple Vulnerabilities (VMSA-2016-0010) - Active Check
2016-08-08 00:00:00
VMware Security Updates for vCenter Server (VMSA-2016-0010) - Active Check
2016-08-08 00:00:00
ptsecurity
ptsecurity
PT-2016-12: HTTP Header Injection in VMware vCenter Server and ESXi
2015-10-23 00:00:00
nessus
nessus
VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)
2016-08-11 00:00:00
ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)
2016-08-12 00:00:00
cve
cve
CVE-2016-5331
2016-08-08 01:59:00
vmware
vmware
VMware product updates address multiple important security issues
2016-08-04 00:00:00
VMware product updates address multiple security issues
2016-08-04 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON
Related for OPENVAS:1361412562310105849
prion1packetstorm1openvas4ptsecurity1nessus2cve1vmware2