Lucene search
RootSSV:15109HistoryDec 18, 2009 - 12:00 a.m.
VMware vCenter Lab Manager WebWorks Help跨站脚本漏洞
2009-12-1800:00:00
Root
www.seebug.org
10
0.003 Low
EPSS
Percentile
67.8%
CVE ID:CVE-2009-3731
VMware vCenter Lab Manager使IT能够为开发测试创建和管理内部云,并通过自助访问研发、测试、配置和部署复杂的、多级别的应用程序所需的资源,为用户提供更高的服务等级。
WebWorks Help某个输出格式允许在线帮助在多种平台和浏览器上提交,可更加容易的在WEB或企业内网中发布信息。
WebWorks Help没有充分过滤入站请求,可导致内置WebWorks Help的应用程序触发跨站脚本攻击。
成功利用VMware产品中的此漏洞需要诱使用户点击恶意链接或在目标用户登录到vCenter时,ESX或VMware Server使用WebAccess或登录到State manager或Lab Manager时打开恶意WEB页面。
VMware vCenter Lab Manager 4.x
厂商解决方案
VMware vCenter Lab Manager 4.1已经修复此漏洞,建议用户下载使用:
http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
Related
securityvulns
securityvulns
CA20100304-01: Security Notice for CA SiteMinder
2010-03-11 00:00:00
VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
2009-12-17 00:00:00
VMWare vCenter / ESX / WebWorks Help crossite scripting
2009-12-17 00:00:00
openvas
openvas
VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux)
2009-12-21 00:00:00
VMware Server Multiple XSS Vulnerabilities - Windows
2009-12-21 00:00:00
VMware Server Multiple XSS Vulnerabilities - Linux
2009-12-21 00:00:00
cvelist
cvelist
CVE-2009-3731
2009-12-16 18:00:00
vmware
vmware
nessus
nessus
prion
prion
Cross site scripting
2009-12-16 18:30:00
cve
cve
CVE-2009-3731
2009-12-16 18:30:00