Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.6
CVE Id CVE-2005-3618
Last Modified 07 Mar 2011 09:26:50
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3618

Summary

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.

Vulnerable Systems

Application

  • VMware ESX Server 2.0.2

  • VMware ESX Server 2.1.3

  • VMware ESX Server 2.5.3


References

VUPEN - ADV-2006-3075

MISC - http://www.corsaire.com/advisories/c051114-001.txt

BUGTRAQ - 20060801 VMSA-2006-0004 Cross site scripting vulnerability and other fixes

BUGTRAQ - 20060731 Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue

SECTRACK - 1016612

SECUNIA - 21230

CONFIRM - http://kb.vmware.com/kb/2118366


Last Updated: 27 May 2016 10:40:59