Test Kennung:	1.3.6.1.4.1.25623.1.0.105849
Kategorie:	VMware Local Security Checks
Titel:	VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Local Version Check
Zusammenfassung:	ESXi contain an HTTP header injection vulnerability due to lack of input validation.
Beschreibung:	Summary: ESXi contain an HTTP header injection vulnerability due to lack of input validation. Vulnerability Impact: An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. Affected Software/OS: ESXi 6.0 without patch ESXi600-201603101-SG. Solution: Apply the missing patch(es). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5331 BugTraq ID: 92324 http://www.securityfocus.com/bid/92324 Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search) http://www.securityfocus.com/archive/1/539128/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/38 http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.