VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization management application installed
that is affected by multiple vulnerabilities.

Description :

The version of VMware vCenter Server installed on the remote host is
4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As
such it is potentially affected by multiple vulnerabilities in the
embedded Apache Tomcat server and the Oracle (Sun) Java Runtime
Environment.

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0005.html
http://lists.vmware.com/pipermail/security-announce/2012/000198.html

Solution :

Upgrade to VMware vCenter Server 4.0 Update 4a / 4.1 Update 3 / or 5.0
Update 1.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 66812 ()

Bugtraq ID: 49353
51442
51447

CVE ID: CVE-2011-3190
CVE-2011-3375
CVE-2012-0022

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial