VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization management application installed
that is affected by multiple vulnerabilities.

Description :

The version of VMware vCenter Server installed on the remote host is
4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As
such it is potentially affected by multiple vulnerabilities in the
embedded Apache Tomcat server and the Oracle (Sun) Java Runtime
Environment.

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0005.html
http://lists.vmware.com/pipermail/security-announce/2012/000198.html

Solution :

Upgrade to VMware vCenter Server 4.0 Update 4a / 4.1 Update 3 / or 5.0
Update 1.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 66812 ()

Bugtraq ID: 49353
51442
51447

CVE ID: CVE-2011-3190
CVE-2011-3375
CVE-2012-0022