
CVE-2011-4404

Published: 19/11/2011 Updated: 13/12/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

Vulnerable Product

vmware vcenter update manager 4.1

vmware vcenter update manager 4.0

Exploits

# Exploit Title: VMware Update Manager Directory Traversal
# Date: 18/11/2011
# Author: Alexey Sintsov
# Software Link: www.vmware.com/
# Version: 202
# Tested on: Windows 2003 / vCenter Update Manager 4.1 U1
# CVE : CVE-2011-4404

DSECRG-11-042 VMware Update Manager - Directory Traversal
Application: VMware Update Manager
Versions Affect ...

VMware Update Manager versions 4.1 prior to update 2 suffer from a directory traversal vulnerability ...