5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.966 High
EPSS
Percentile
99.6%
The default configuration of the HTTP server in Jetty in vSphere Update
Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before
Update 2 allows remote attackers to conduct directory traversal attacks and
read arbitrary files via unspecified vectors, a related issue to
CVE-2009-1523.
Author | Note |
---|---|
tyhicks | There are few details at this point and it isnโt clear if jetty in Ubuntu is affected or not. Debian marked this CVE as NOT-FOR-US |
mdeslaur | looks like the bundled jetty in vsphere had not been fixed for CVE-2009-1523. Marking as not-affected. |