VMware VFabric Tc Server JMX Authentication Security Bypass Vulnerability Network Vulnerability

Summary

The host is running VMware vFabric tc Server and is prone to security bypass vulnerability.

Impact

Successful exploitation could allow an attacker to bypass certain security restrictions and gain unauthorized access, which may lead to further attacks. Impact Level: Application

Solution

Upgrade to vFabric tc Server version 2.0.6.RELEASE or 2.1.2.RELEASE, For updates refer to http://www.vmware.com/products/vfabric-tcserver/

Insight

The flaw is caused by the storing of passwords for JMX authentication in an obfuscated form, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.

Affected

vFabric tc Server versions 2.0.0 through 2.0.5.SR01 vFabric tc Server versions 2.1.0 through 2.1.1.SR01

References

http://securitytracker.com/id?1025923
http://www.springsource.com/security/cve-2011-0527
http://xforce.iss.net/xforce/xfdb/69156

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0527
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

jHTTPd Directory Traversal Vulnerability
iWeb Server URL Directory Traversal Vulnerability
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
CERN HTTPD access control bypass
Lil' HTTP Server Cross Site Scripting Vulnerability

VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability

Take action and discover your vulnerabilities