Summary
The host is running VMware vFabric tc Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow an attacker to bypass certain security restrictions and gain unauthorized access, which may lead to further attacks.
Impact Level: Application
Solution
Upgrade to vFabric tc Server version 2.0.6.RELEASE or 2.1.2.RELEASE. For updates, refer to http://www.vmware.com/products/vfabric-tcserver/
Insight
The flaw is caused by storing passwords for JMX authentication in an obfuscated form, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read the stored passwords.
Affected
- vFabric tc Server versions 2.0.0 through 2.0.5.SR01
- vFabric tc Server versions 2.1.0 through 2.1.1.SR01
References
Severity
Classification
- CVE: CVE-2011-0527
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
- Apache Directory Listing
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities