Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105853
Category:Web application abuses
Title:VMSA-2016-0010 (CVE-2016-5331) ESXi: VMware product updates address multiple important security issues (remote active check)
Summary:ESXi contain an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit; this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks.
Description:Summary:
ESXi contain an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit
this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks.

Affected Software/OS:
ESXi 6.0 without patch ESXi600-201603101-SG

Solution:
Apply the missing patch(es).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-5331
BugTraq ID: 92324
http://www.securityfocus.com/bid/92324
Bugtraq: 20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) (Google Search)
http://www.securityfocus.com/archive/1/539128/100/0/threaded
http://seclists.org/fulldisclosure/2016/Aug/38
http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html
http://www.securitytracker.com/id/1036543
http://www.securitytracker.com/id/1036544
http://www.securitytracker.com/id/1036545
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.