Summary
This host is installed with VMWare Server and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will lets attackers to execute arbitrary web script or HTML.
Impact Level: Application
Solution
Apply workaround,
http://www.vmware.com/resources/techresources/726
*****
NOTE: Ignore this warning, if above mentioned workaround is manually applied.
*****
Insight
The flaws is due to error in 'Server Console' which is not properly validating the input data, which allows to inject arbitrary web script or HTML via the name of a virtual machine.
Affected
VMware Server version 1.0
References
Severity
Classification
-
CVE CVE-2010-1137 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
- Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)