Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2005-3620
Last Modified 07 Mar 2011 09:26:50
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3620

Summary

The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.

Vulnerable Systems

Application

  • VMware ESX Server 2.0.2
  • VMware ESX Server 2.1.3
  • VMware ESX Server 2.5.3


References

CERT-VN - VU#822476

VUPEN - ADV-2006-3075

BUGTRAQ - 20060731 Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue

MISC - http://www.corsaire.com/advisories/c051114-003.txt

XF - vmware-password-information-disclosure(28112)

BID - 19249

BUGTRAQ - 20060801 VMSA-2006-0004 Cross site scripting vulnerability and other fixes

SECUNIA - 21230

CONFIRM - http://kb.vmware.com/kb/2118366


Last Updated: 27 May 2016 10:40:59