Summary
The host is installed with VMWare Server that is vulnerable to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will lets attackers to cause a Denial of Service, or compromise a user's system.
Impact Level: System/Application
Solution
Apply patch,
http://kb.vmware.com/kb/1016594
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
- Multiple vulnerabilities can be exploited to disclose sensitive information, conduct cross-site scripting attacks, manipulate certain data, bypass certain security restrictions, cause a DoS, or compromise a user's system.
- Certain unspecified input passed to WebWorks help pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
VMware Server version 2.0.2 on Linux.
References
Severity
Classification
-
CVE CVE-2009-3731 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities