Summary
This host is installed with VMWare Server and is prone to multiple Vulnerabilities.
Impact
Successful exploitation will lets attackers to spoof the origin of requests via unspecified vectors and execution of JavaScript.
Impact Level: Application
Solution
Apply workaround,
http://www.vmware.com/resources/techresources/726
*****
NOTE: Ignore this warning, if above mentioned workaround is manually applied.
*****
Insight
The flaws are due to:
- An error in handling of 'proxy-server' functionality, allows to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors.
- An insufficient checking on the 'names' of virtual machines, allows for execution of JavaScript in the Web browser's security context for WebAccess.
Affected
VMware Server version 2.0 on Windows.
References
Severity
Classification
-
CVE CVE-2010-0686, CVE-2010-1193 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)