ID de Prueba:	1.3.6.1.4.1.25623.1.0.105849
Categoría:	VMware Local Security Checks
Título:	VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Local Version Check
Resumen:	ESXi contain an HTTP header injection vulnerability due to lack of input validation.
Descripción:	Summary: ESXi contain an HTTP header injection vulnerability due to lack of input validation. Vulnerability Impact: An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. Affected Software/OS: ESXi 6.0 without patch ESXi600-201603101-SG. Solution: Apply the missing patch(es). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5331 BugTraq ID: 92324 http://www.securityfocus.com/bid/92324 Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search) http://www.securityfocus.com/archive/1/539128/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/38 http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html http://www.securitytracker.com/id/1036543 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.