[Japanese]
|
JVNDB-2013-000084
|
VMware ESX and ESXi vulnerable to directory traversal
|
VMware ESX and ESXi contains a directory traversal vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 6.4 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
VMware
- VMware ESX 4.1 without patch ESX410-201201401-SG
- VMware ESX 4.0 without patch ESX400-201203401-SG
- VMware ESXi 5.0 without patch ESXi500-201203101-SG
- VMware ESXi 4.1 without patch ESXi410-201201401-SG
- VMware ESXi 4.0 without patch ESXi400-201203401-SG
|
It has been confirmed that ESX and ESXi 5.1 are not affected.
|
A remote attacker may delete arbitrary files on the host operating system.
|
[Apply an Update]
Apply the latest update for the version of the software being used.
|
VMware
|
- Path Traversal(CWE-22) [IPA Evaluation]
|
- CVE-2013-3658
|
- JVN : JVN#72911629
- National Vulnerability Database (NVD) : CVE-2013-3658
- IPA SECURITY ALERTS : Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770) (in Japanese)
- Related Information : ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities
|
- [2013/09/06]
Web page was published
[2013/09/09]
References : Content was added
[2013/09/11]
References : Content was added
|