VMware security updates for vSphere API and ESX Service Console

ID VMSA-2012-0016
Type vmware
Reporter VMware
Modified 2012-11-15T00:00:00


a. VMware vSphere API denial of service vulnerability
The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected.
VMware would like to thank Sebastián Tello of Core Security Technologies for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.