Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-3733

Published: 02/11/2009 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 535
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Server

Vulnerability Summary

Directory traversal vulnerability in VMware Server 1.x prior to 1.0.10 build 203137 and 2.x prior to 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote malicious users to read arbitrary files via unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

vmware server 1.0.1

vmware server 1.0.1_build_29996

vmware server 1.0.7

vmware server 1.0.8

vmware server 1.0.2

vmware server 1.0.3

vmware server 1.0.9

vmware esxi 3.5

vmware server 1.0

vmware server 1.0.5

vmware server 1.0.6

vmware server 1.0.4

vmware server 1.0.4_build_56528

vmware esx 3.0.3

vmware esx 3.5

vmware server 2.0.1

vmware server 2.0.0

Exploits

Exploit DB: VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
source: wwwsecurityfocuscom/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data Exploiting the issue may allow an attacker to obtain sensitive information from the host operating system that could aid in further attacks description = [[ Che ...

Nmap Scripts

http-vmware-path-vuln

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).

nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>

| http-vmware-path-vuln:
|   VMWare path traversal (CVE-2009-3733): VULNERABLE
|     /vmware/Windows 2003/Windows 2003.vmx
|     /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx
|     /vmware/Pentest/Pentest - Windows/Windows 2003.vmx
|     /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx
|_    /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx
http-vmware-path-vuln

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).

nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>

| http-vmware-path-vuln:
|   VMWare path traversal (CVE-2009-3733): VULNERABLE
|     /vmware/Windows 2003/Windows 2003.vmx
|     /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx
|     /vmware/Pentest/Pentest - Windows/Windows 2003.vmx
|     /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx
|_    /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx

Github Repositories

https://github.com/B4m600/B4mNote

个人学习一些软件和语言所记录的笔记,同时供团队内人员学习和更新。

PhotoShop Ctrl + T: 变换图形; Ctrl + J: 复制选中区域; Ctrl + G: 将选中图层编组; Ctrl + I: 颜色反向; Ctrl + 通道层: 选中(黑白)通道对应的区域; Ctrl + Shift + I: 反选选区; 图层-&gt;添加矢量蒙版: 根据通道层扣除背景; Alt + 图层蒙版层: 进入蒙版; Ctrl + Alt + 2: 高光选区; PremierPro [时间轴] Shift +

References

CWE-22http://www.vupen.com/english/advisories/2009/3062http://lists.vmware.com/pipermail/security-announce/2009/000069.htmlhttp://www.vmware.com/security/advisories/VMSA-2009-0015.htmlhttp://www.securityfocus.com/bid/36842http://secunia.com/advisories/37186http://securitytracker.com/id?1023088http://securitytracker.com/id?1023089http://security.gentoo.org/glsa/glsa-201209-25.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822http://www.securityfocus.com/archive/1/507523/100/0/threadedhttps://nvd.nist.govhttps://github.com/B4m600/B4mNotehttps://www.exploit-db.com/exploits/33310/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook