Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3697

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3697
Last Modified 07 Mar 2011 10:11:11
Published 03 Sep 2008 10:12:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3697

Summary

An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.

Vulnerable Systems

Application

  • Vmware Server 1.0

  • Vmware Server 1.0.0

  • Vmware Server 1.0.1

  • Vmware Server 1.0.1 Build 29996

  • Vmware Server 1.0.2

  • Vmware Server 1.0.3

  • Vmware Server 1.0.4

  • Vmware Server 1.0.4 Build 56528

  • Vmware Server 1.0.5

  • Vmware Server 1.0.6


References

XF - vmware-isapi-extension-dos(44796)

VUPEN - ADV-2008-2466

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

SECTRACK - 1020789

BID - 30935

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

SREASON - 4202

SECUNIA - 31708

Related Patches

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 10:48:16