CVE-2016-5331 – VMware vSphere Hypervisor (ESXi) HTTP Response Injection
https://notcve.org/view.php?id=CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuestas HTTP a través de vectores no especificados. The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. • http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://seclists.org/fulldisclosure/2016/Aug/38 http://www.securityfocus.com/archive/1/539128/100/0/threaded http://www.securityfocus.com/bid/92324 http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.vmware.com/security/advisories/VMSA-2016-0010.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVE-2016-2078 – VMWare vSphere Web Client 6.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-2078
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter. Vulnerabilidad de XSS en el Web Client de VMware vCenter Server 5.1 en versiones anteriores a la actualización 3d, 5.5 en versiones anteriores a la actualización 3d y 6.0 en versiones anteriores a la actualización 2 en Windows permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro flashvars. VMWare vSphere web client versions 5.1 through 6.0 suffer from a flash cross site scripting vulnerability. • http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/538484/100/0/threaded http://www.securitytracker.com/id/1035961 http://www.vmware.com/security/advisories/VMSA-2016-0006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2076
https://notcve.org/view.php?id=CVE-2016-2076
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. Client Integration Plugin (CIP) en VMware vCenter Server 5.5 U3a, U3b y U3c y 6.0 en versiones anteriores a U2; vCloud Director 5.5.5; y vRealize Automation Identity Appliance 6.2.4 en versiones anteriores a 6.2.4.1 no maneja adecuadamente el contenido de sesión, lo que permite a atacantes remotos secuestrar sesiones a través de un sitio web manipulado. • http://www.securitytracker.com/id/1035570 http://www.securitytracker.com/id/1035571 http://www.securitytracker.com/id/1035572 http://www.vmware.com/security/advisories/VMSA-2016-0004.html • CWE-287: Improper Authentication •
CVE-2015-2342 – VMware vCenter Server JMX RMI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol. El servicio JMX RMI en Vmware vCenter Server 5.0 en versiones anteriores a u3e, 5.1 en versiones anteriores a u3b, 5.5 en versiones anteriores a u3 y 6.0 en versiones anterioes a u1 no restringe el registro de Mbeans, lo que permite a atacantes remotos ejecutar código arbitrario a través del protocolo RMI. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the configuration of the JMX remote interface. This interface allows a remote attacker to register attacker-controlled mbeans. • https://www.exploit-db.com/exploits/36101 http://seclists.org/fulldisclosure/2015/Oct/1 http://www.securityfocus.com/bid/76930 http://www.securitytracker.com/id/1033720 http://www.vmware.com/security/advisories/VMSA-2015-0007.html http://www.zerodayinitiative.com/advisories/ZDI-15-455 https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution https://docs.oracle.com/javase/8/docs/technotes/guides/jmx/JMX_1_4_specification.pdf https: •
CVE-2015-6932
https://notcve.org/view.php?id=CVE-2015-6932
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en VMware vCenter Server 5.5 en versiones anteriores a u3 y 6.0 en versiones anteriores a u1, no verifica los certificados X.509 de los servidores TLS LDAP, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.securitytracker.com/id/1033582 http://www.vmware.com/security/advisories/VMSA-2015-0006.html • CWE-310: Cryptographic Issues •