Summary
This host is installed with VMWare Server and is prone to multiple Vulnerabilities.
Impact
Successful exploitation will lets attackers to spoof the origin of requests via unspecified vectors and execution of JavaScript.
Impact Level: Application
Solution
Apply workaround,
http://www.vmware.com/resources/techresources/726
*****
NOTE: Ignore this warning, if above mentioned workaround is manually applied.
*****
Insight
The flaws are due to:
- An error in handling of 'proxy-server' functionality, allows to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors.
- An insufficient checking on the 'names' of virtual machines, allows for execution of JavaScript in the Web browser's security context for WebAccess.
Affected
VMware Server version 2.0 on Windows.
References
Severity
Classification
-
CVE CVE-2010-0686, CVE-2010-1193 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)