Lucene search
RootSSV:19383HistoryApr 02, 2010 - 12:00 a.m.
VMware WebAccess URL转发安全漏洞
2010-04-0200:00:00
Root
www.seebug.org
13
0.008 Low
EPSS
Percentile
79.7%
BUGTRAQ ID: 39103
CVE ID: CVE-2010-0686
VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。
VMWare的WebAccess组件没有充分地验证用户所提供的输入,允许将入站请求转发到其他目的地。所转发的目标无法看到请求URL的真实来源,只能看到运行WebAccess的机器地址。攻击者可以利用这个转发漏洞伪造源址定向服务器上通讯。
VMWare Server 2.0
VMWare VirtualCenter 2.5
VMWare VirtualCenter 2.0.2
VMWare ESX 3.5
VMWare ESX 3.0.3
厂商补丁:
VMWare
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
Related
seebug
seebug
ZABBIX<= 1.8.1 DBcondition函数SQL注入漏洞
2010-04-02 00:00:00
cvelist
cvelist
CVE-2010-0686
2010-04-01 19:00:00
prion
prion
Spoofing
2010-04-01 19:30:00
cve
cve
CVE-2010-0686
2010-04-01 19:30:00
openvas
openvas
VMware WebAccess Multiple Vulnerabilities (Windows)
2010-04-13 00:00:00
VMware WebAccess Multiple Vulnerabilities (Linux)
2010-04-13 00:00:00
VMware WebAccess Multiple Vulnerabilities - Windows
2010-04-13 00:00:00
securityvulns
securityvulns
VMWare application WebAccess multiple security vulnerabilities
2010-03-31 00:00:00
VMSA-2010-0005 VMware products address vulnerabilities in WebAccess
2010-03-31 00:00:00
vmware
vmware
VMware products address vulnerabilities in WebAccess
2010-03-29 00:00:00