Vulners
Lucene search
VMware Update Manager Directory Traversal
🗓️ 21 Nov 2011 00:00:00Reported by Alexey SintsovType 
packetstorm🔗 packetstormsecurity.com👁 63 Views
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | VMware Update Manager Directory Traversal | 20 Nov 201100:00 | – | zdt |
 | CVE-2011-4404 | 29 May 201815:50 | – | circl |
 | VMware Update Manager Directory Traversal (CVE-2011-4404) | 4 Sep 201200:00 | – | checkpoint_advisories |
 | CVE-2011-4404 | 19 Nov 201102:00 | – | cve |
 | CVE-2011-4404 | 19 Nov 201102:00 | – | cvelist |
 | VMware - Update Manager Directory Traversal | 21 Nov 201100:00 | – | exploitdb |
 | VMware - Update Manager Directory Traversal | 21 Nov 201100:00 | – | exploitpack |
 | VMWare Update Manager 4 Directory Traversal | 8 Jun 201509:58 | – | metasploit |
 | CVE-2011-4404 | 19 Nov 201103:58 | – | nvd |
| VMWare Update Manager 4 Directory Traversal | 31 Aug 202400:00 | – | packetstorm |
10
`DSECRG-11-042 VMware Update Manager - Directory Traversal
Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
Description
********
Directory Traversal vulnerability was found in Jetty web server that is used by VMware Update manager.
Details
*******
Directory Traversal vulnerability was found in Jetty web server that is used by VUM.
With this vulnerability, an non-authenticated attacker can read any file on the server (with rights of the process).
Sample
******
http://<target>:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key
References
**********
http://dsecrg.com/pages/vul/show.php?id=342
http://www.vmware.com/security/advisories/VMSA-2011-0014.html
Fix Information
*************
Vendor make fix for this issue:
Fixed in Update Manager 5.0 Windows not affected
Fixed in Update Manager 4.1 Windows Update 2
Fixed in Update Manager 4.0 Windows Update 4
About DSecRG
*******
The main mission of DSecRG is to conduct researches of business critical systems such as ERP, CRM, SRM, BI, SCADA, banking software and others. The result of this work is then integrates in ERPScan Security Scanner. Being on the top edge of ERP and SAP security DSecRG research helps to improve a quality of ERPScan consulting services and protects you from the latest threads.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
About ERPScan
*******
ERPScan is an innovative company engaged in the research of ERP security and develops products for ERP system security assessment. Apart from this the company renders consulting services for secure configuration, development and implementation of ERP systems, and conducts comprehensive assessments and penetration testing of custom solutions.
Our flagship products are "ERPScan Security Scanner for SAP" and service "ERPScan Online" which can help customers to perform automated security assessments and compliance checks for SAP solutions.
Contact: info [at] erpscan [dot] com
http://www.erpscan.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2011 00:00Current
EPSS0.83322