KLA11142
DoS and OSI vulnerabilities in VMware products
Обновлено: 26/06/2019
Дата обнаружения
09/11/2017
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in VMware vCenter Server can be exploited remotely via specially crafted LDAP network packet to cause denial of service;
  2. SSRF and CRLF injection issues in vSphere Web Client i.e. not the new HTML5-based vSphere Client can be exploited remotely to disclose sensetive information.
Пораженные продукты

VMware vCenter Server 6.5 without 6.5 U1 patch
VMware vCenter Server 6.0 without 6.0 U3c patch

vCenter Server 5.5 without 5.5 U3f patch
Решение

Update to latest versions
Download VMware vCenter Server

Первичный источник обнаружения
VMSA-2017-0017
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]
Связанные продукты
VMware vSphere Client
VMware vCenter Server
CVE-IDS
CVE-2017-49285.0Critical
CVE-2017-49275.0Critical