Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-4404
Last Modified 12 Dec 2011 11:09:28
Published 18 Nov 2011 10:58:55
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4404

Summary

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

Vulnerable Systems

Application

  • VMware vCenter Update Manager 4.0

  • VMware vCenter Update Manager 4.1


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0014.html

CONFIRM - http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/servlet/DefaultServlet.html

CONFIRM - http://jetty.codehaus.org/jetty/jetty-6/xref/org/mortbay/jetty/handler/ResourceHandler.html

SECTRACK - 1026341


Last Updated: 27 May 2016 10:57:51