CVE-2011-4404 – VMware - Update Manager Directory Traversal

https://notcve.org/view.php?id=CVE-2011-4404

19 Nov 2011 — The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523. La configuración por defecto del servidor HTTP en Jetty en vSphere Update Manager bajo VMware vCenter Update Manager v4.0 antes de la actualización 4 y v4.1 antes de la actualización 2 permite realizar ataque... • https://packetstorm.news/files/id/180928 • CWE-16: Configuration •