KLA11142
DoS and OSI vulnerabilities in VMware products

Обновлено: 03/06/2020

Дата обнаружения	09/11/2017
Уровень угрозы	Warning
Описание	Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: An unspecified vulnerability in VMware vCenter Server can be exploited remotely via specially crafted LDAP network packet to cause denial of service; SSRF and CRLF injection issues in vSphere Web Client i.e. not the new HTML5-based vSphere Client can be exploited remotely to disclose sensetive information.
Пораженные продукты	VMware vCenter Server 6.5 without 6.5 U1 patch VMware vCenter Server 6.0 without 6.0 U3c patch vCenter Server 5.5 without 5.5 U3f patch
Решение	Update to latest versions Download VMware vCenter Server
Первичный источник обнаружения	VMSA-2017-0017
Оказываемое влияние ?	OSI [?] DoS [?]
Связанные продукты	VMware vSphere Client VMware vCenter Server
CVE-IDS	CVE-2017-49285.0Critical CVE-2017-49275.0Critical
	Узнай статистику распространения уязвимостей в твоем регионе

KLA11142DoS and OSI vulnerabilities in VMware products